The only way to keep files secret is to encrypt them. The Encrypting File System (EFS) in most versions of Windows Vista, XP, and 2000 encrypts the contents of files and folders, making it difficult for prying eyes to discover them.
Preparing for Encryption: EFS is available in Windows Vista Business, Enterprise, and Ultimate editions; XP Professional; and Windows 2000. XP Home does not have EFS, and Vista Starter, Home Basic, and Home Premium only allow for decryption—meaning you can read encrypted files but cannot encrypt them. To use EFS on a partition, that partition must be formatted with the NTFS file system. Encryption requires you to use a password-protected account.
Encrypting Files: To encrypt a file or folder, right-click on it in Explorer or any directory and select Properties (you can also right-click on a group to encrypt multiple files or folders simultaneously). In the General tab, click Advanced, check Encrypt contents to secure data, and then click OK twice. If you are encrypting a folder, you will be asked if you want to encrypt the files or subfolders within it. Once encrypted, the files and folders will function like any other files and folders on the system; you do not need to use any special password to open and save them. Other user accounts on the computer and other computers on the network cannot view the contents of these files. Only someone logged into your account with the correct password can access these files.
Simplifying the Steps: You can streamline the process by using the Encrypt command in the right-click menu (the command changes to Decrypt when you right-click on an already encrypted file). This can also be done in XP by performing a quick Registry edit, but it is easier and safer to use Tweak UI, a free PowerToy from Microsoft. If you have Tweak UI on your system, you need to upgrade it to get the latest version. Once Tweak UI is downloaded, installed, and running, select Explorer in the left pane, scroll down the options on the right, and check Show “Encrypt” on context menu. Click OK. Now, when you right-click on an unencrypted file, you will see a new command Encrypt (or Decrypt if you select an encrypted file). Choose that option and respond to any prompts that appear. Tweak UI is not compatible with Windows Vista. However, the free utility TweakVI from Totalidea software allows you to adjust Vista settings, including adding Encrypt/Decrypt commands to its menu.
Identifying Encrypted Files
To quickly identify which files or folders on your system are encrypted (or using NTFS compression), open Explorer and select Tools, then Folder Options. Click on the View tab, and in the Advanced Settings dialog box, ensure that Show encrypted or compressed NTFS files in color is checked. Encrypted items will appear in green, while compressed items will appear in blue. Alternatively, if you do not want to highlight the encrypted or compressed files in this way, simply uncheck this option. Click OK. XP Pro and Vista users will need this tip only if they want to disable color display for encrypted or compressed files and folders, as OSes do this by default. To open the Folder Options dialog in Vista’s Explorer window, click Organize, then Folder and Search Options.
Additional Permissions: To allow users on the system to access encrypted files by specifying their usernames, first right-click on the encrypted file (not applicable for folders or multiple files) and select Properties. In the General tab, click Advanced, next to ‘Encrypt contents to secure data’, click Details. In the middle of that dialog, click Add to open the Select User dialog, which will list the users with certificates (permissions) on your system. Users can obtain certificates in various ways, but one of the simplest ways is to encrypt one of their own documents. (For more detailed information about certificates, select Start, Help and Support, type certificates overview, and then press
Disable, Do Not Delete: Since encrypted files are linked to user profiles, deleting those profiles will prevent users from accessing their encrypted files. For example, if an employee named Scott has just left but may return to the company, we should disable his profile instead of deleting all his information. In XP, select Start, Run, type lusrmgr.msc, and press
Some Free Software
You may need stronger protection than what EFS provides. Download the free utility TrueCrypt for encryption.
BitLocker in Vista: Full disk encryption will make it difficult for malware to access the system files of Vista, enhancing the file system’s security against prying eyes trying to decrypt files on your system. The BitLocker feature in the Ultimate and Enterprise editions of Vista allows you to encrypt the entire partition on which the operating system is installed, storing the encryption key in the computer’s Trusted Platform Module (TPM) chip or on a USB drive. As USB drives become more common and most of us lack systems with TPM chips, flash drives are indeed an attractive option. However, it is disabled by default.
To enable this option, click Start, type gpedit.msc in the Start Search, and press
Now, whenever you run the BitLocker Drive Encryption applet in Control Panel, it will not complain about the missing TPM module, as it will provide a new link ‘Turn On BitLocker’. BitLocker requires you to boot from a USB drive, which must also have an unencrypted partition.
Hiding Folders with Free Hide Folders
Sometimes the best way to avoid prying eyes on your personal folders is to keep their existence a secret. This can be easily accomplished with Free Hide Folders from Cleanersoft.com. This program allows you to completely hide any folder (and its subfolders along with their contents) with just a few clicks. (Note that in Windows Vista, this program may not completely hide some folders like Music and Documents). Free Hide Folders is password-protected, so it will remain safe even if someone knows you are using this software. It also allows you to back up the hidden states of folders in case of system issues. And as the name suggests, this software is completely free.
Van Linh