Friday 10 October 2003 11.54am
OK... here we go....
To use the Windows based encryption within XP you first need to check whether your hard disk has been formatted in NTFS format (EFS can only be used with NTFS format hard drives). To check this you need to open Windows Explorer, right click on the icon of the hard disk that you on which your data is stored, usually labelled as "Local Disk (C:)" or "Local Disk (D:)", then click on the "Properties" option at the very bottom. This brings up the information about the physical hard disk (with a little pie chart showing you how much disk space you have left). One of the items displayed in this is labelled "File System:" - more that likely it will say either FAT32 or NTFS. If it says FAT32 you can change the format of the drive to NTFS, but I wouldn't really recommend doing it as it can cause problems, but the Windows Encrypted File System will only work with NTFS format drives. If your drive is NTFS format you're in business.
You need to right click the folder that contains the data that you want to encrypt, select the properties option, and then, in the resulting Window you need to select the "Advanced" option. This then gives you a box with the advanced options for the folder that you want to encrypt. You then need to tick the box labelled "Encrypt contents to secure data", then click the "OK" button and the advanced properties window will close, leaving the folder properties window still open. In the folder properties window you need to click the "Apply" button and you will get a confirmation screen on which you need to select the "Apply changes to this folder, sub-folders, and files" option, then click the "OK" button. The confirmation window closes, and you get some activity on the screen (nice Microsoft graphics showing a file being encrypted), and you are then left with the folder properties window which you can close by clicking the "OK" button. You will now see your encrypted folder, and all files contained therein, in green, rather than the usual black, in Windows Explorer.
All files, and folders, contained within the folder that you have selected to encrypt will be shown in green.
Here's the caveat with this method of encryption - there are no passwords required for it, it's all based on your Windows user profile, ie when you log into the computer. If you start your PC and it automatically goes into Windows without you needing to log in this encryption will not really work as anyone who turns the computer on will be able to access your encrypted data. If you need to log in to your computer you will find that although other users of the computer will be able to see your files and folders they won't be able to access or copy them. If you use the EFS option you need to be quite careful with your computer, you may forget that you encrypted the data (because access to it is seamless and no passwords constantly remind you that it's encrypted) and when your computer crashes and you need to reinstall Windows you will find that, as your Windows profile has been deleted, you can no longer access your data as it can only be access using the profile that was initially used to encrypt the data.
There are other options to encrypt your data dependant on how secure you want it, and how much hassle you want to go through to access the data. With the exception of the hard disk based encryption that I mentioned before the general rule is the more secure you want the data to be the more hassle you need to go through to access and change your files.
The hard disk based encryption is a very good option, but again, it will only work if you want to secure your data from unauthorised users of the computer (no password, no way to start the computer), but if you want to secure it from other users on your computer then you need to look at another alternative - I can give you some suggestions if you need them.
(I have quite a good grip of this sort of thing as I pay the mortgage by investigating data stored on computers and identifying what people have been doing on them and then give evidence in court about it - usually corporate fraud and that sort of thing - technically it's known as "computer forensics". One of the things that we have to do very regularly is to decrypt data that has been encrypted by users - passwords are not as strong as you imagine!!)