Is it possible to encrypt home folder on Windows 7?

14

2

Ubuntu and MacOS have the ability to encrypt the home folder in case the laptop is stolen. Is it possible to do the same thing on Windows 7? I need to encrypt the home folder so it will be encrypted and decrypted at runtime using my password, so if the laptop is stolen there is no way for a stealer to remove the HDD and read / decrypt sensitive data.

If such a thing is possible, what version of Windows 7 provides that functionality? Is "home premium" enough?

grigoryvp

Posted 2009-10-29T10:37:49.407

Reputation: 957

1 I'd like an answer to the question in the title. I'd like to encrypt the home folder such that other people could use my laptop in a different account, but information in my home directory would be protected by my password. Whole disk encryption is no help in that regard. – Jason R. Coombs – 2014-12-18T18:21:42.047

1 I'm reviving this zombie as it's an answer I'd like too, and not posting duplicate questions. – invert – 2010-10-22T13:48:38.707

Answers

9

TrueCrypt provides the ability to do a pre-boot system encryption. Maybe that's what you're looking for.

schöppi

Posted 2009-10-29T10:37:49.407

Reputation: 1 139

2 The OP asks for a way to 'decrypt at runtime using my password', i.e. Windows logon. Pre-boot encryption would work, but a solution closer to the question is preferable. – invert – 2010-10-22T13:49:39.470

Yes, but Windows encryption seems to be too unsafe for him ;) – schöppi – 2010-10-22T14:25:13.243

1 I guess you win :) For myself, I want a solution to auto-crypt at login/logout, but not during pre-boot. The other answers are less practical in one way or another. +1 for TrueCrypt! – invert – 2010-10-27T13:23:07.573

7

I found this article on Microsoft.com, it was written for Vista, so should still work on 7.

  1. Right-click the folder or file you want to encrypt, and then click Properties.

  2. Click the General tab, and then click Advanced.

  3. Select the Encrypt contents to secure data check box, and then click OK.

vassie

Posted 2009-10-29T10:37:49.407

Reputation: 386

In my experience, if you encrypt your home folder, you will never be able to permanently decrypt it, since it is always in use by the system. The specified file could not be decrypted. – cowlinator – 2018-06-16T01:05:27.330

Is there any info on how secure this method really is? I also found it does not encrypt file structure, which is still visible and not that ideal. – invert – 2010-10-22T13:51:24.863

5 This only works for Ultimate or Pro versions of Windows 7/Vista... – studiohack – 2010-10-24T01:39:42.340

The OP simply asked for which version of Windows 7 he needed. – wag2639 – 2010-10-27T07:23:31.033

1 I'm not sure how secure that is. It seems that the certificate is stored as a file on the same hard disk, so if the laptop is stolen the stealer will just use that certificate to decrypt the folder? – grigoryvp – 2009-10-30T09:21:49.360

4

It is possible to encrypt the entire hard drive (including the home folder) using the BitLocker feature. This is only available in Windows 7 Ultimate.

If by 'home folder' you mean user's data folder (C:\Users\username), that can probably be done in other versions.

dbkk101

Posted 2009-10-29T10:37:49.407

Reputation: 859

Laptops support TPM, but desktop boards do not. For us who don't have TPM we need a better solution. Also it's said that the only thing TPM provides is a 'false sense of security' - http://www.truecrypt.org/faq – invert – 2010-10-22T06:59:32.680

2 BitLocker requires a hardware encryption module (TPM) that is not available on most computers :( – grigoryvp – 2009-12-26T13:10:19.013

3

As alternative solutions to TrueCrypt, consider EncFS, VeraCrypt, or NTFS Encryption.

Paid alternatives include Microsoft's BitLocker, McAfee, and Symantec.

Using NTFS Encryption

Windows implements NTFS and Encrypting File System as a built-in solution. This can be as simple as:

  1. Right Clicking the folder
  2. Select the General Tab,
  3. Click the Advanced Button,
  4. Check the Encrypt Contents to Secure Data Check Box.

However, I am not the best advocate for this solution, as most scenarios I encounter require backing up user files to a USB drive or cloud storage--where the requirement is to ensure the files remain encrypted on the USB drive or Cloud Storage.

The EncFS Alternative:

This is kind of the "go-to" solution for multi-platform needs, (Windows, Linux, Apple, Android, etc).

For example, EncFS will allow you to synchronize encrypted files to your iPhone, Android Phone, Apple, Linux, Windows, DropBox, GoogleDrive, whatever--and the files will remain encrypted on each device--this is not an option with NTFS EFS Encryption.

Since files are individually encrypted with EncFS, and can be synchronized one at a time, a large "encrypted container," does not have to be re-copied every time one file is changed, as is the case with Veracrypt/TrueCrypt.

However, the down-side is that you will have to edit Windows Login Scripts to mount the EncFS folders as the User's "Documents" folder, etc. But, with NTFS EFS Encryption, this is not an issue and works auto-magically.

Not Using BitLocker or VeraCrypt:

Functionally, BitLocker is similar to VeraCrypt/TrueCrypt when it comes to whole drive encryption. And for the same reasons, neither really address the need to encrypt different users' home folders individually: an admin who is able to decrypt the entire drive will have access to their home folder AND yours as well.

Further, even if you use a separate encrypted drive partition, for each user's "home folder", Windows will not prompt you to decrypt that drive, or prompt you to, at login. Windows will wait until after the User Environment is loaded. -- That means you cannot really "redirect" home folders, (documents, photos, etc), to that encrypted partition reliably.

For those reasons, EncFS is useful for encrypting particular folders, and files.

But, BitLocker and VeraCrypt, (... and dreamily, dmcrypt/Luks with mainstream support for Windows ... Someday ... Soon(tm)) ...

If Choosing to Use VeraCrypt/TrueCrypt:

Obviously, utilizing TrueCrypt, in view of the Security Audit, etc, is not the best idea.

However, there are a /lot/ of startup replacements, of which, Veracrypt "seems" like the most stable ... for now, *cough.

If you insist on using the old TrueCrypt, and you download it from third-party sites, you can attempt to validate that you have the original copy by:

  1. Downloading TrueCrypt's Public Key from their website.
  2. Searching for the original 7.1a download and signature.
  3. Verifying the digital signature of the downloaded file, like https://www.torproject.org/docs/verifying-signatures.html.en.
  4. Or Trusting a third party signature/key like, https://defuse.ca/truecrypt-7.1a-hashes.htm .

It is absolutely not the best practice to use unmaintained security tools, when valid alternatives exist. From TrueCrypt's Website: "Using TrueCrypt is not secure as it may contain unfixed security issues".

elika kohen

Posted 2009-10-29T10:37:49.407

Reputation: 269
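Added example, not part of the original answers: the "Encrypt contents to secure data" checkbox steps given in the two answers above, as a script that runs on the PowerShell 2.0 shipped with Windows 7. It applies EFS with `cipher.exe`, lists files that stayed unencrypted (for example because they were in use), and backs up the EFS key. The `$Target` default and the `$KeyBackup` path are assumptions.

```powershell
# Added example (not from the original answers). Assumed names: $Target, $KeyBackup.
param(
    [string]$Target    = (Join-Path $env:USERPROFILE 'Documents'),
    [string]$KeyBackup = 'E:\efs-key-backup'   # assumed removable drive; cipher adds .PFX
)

function Get-UnencryptedFile {
    # Return every file under $Path that lacks the NTFS "Encrypted" attribute.
    param([Parameter(Mandatory=$true)][string]$Path)
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            -not $_.PSIsContainer -and
            -not ($_.Attributes -band [System.IO.FileAttributes]::Encrypted)
        }
}

# Command-line equivalent of the checkbox: /E encrypts and marks the folder so new
# files are encrypted too; /S: applies it to everything below the folder.
& cipher.exe /E "/S:$Target" | Out-Null

# EFS works per file, and files that are in use can fail to convert,
# so check what is still stored in plaintext.
$left = @(Get-UnencryptedFile -Path $Target)
if ($left.Count -eq 0) {
    "All files under $Target carry the Encrypted attribute."
} else {
    "{0} file(s) under {1} are NOT encrypted:" -f $left.Count, $Target
    $left | ForEach-Object { "  " + $_.FullName }
}

# File and folder names stay readable after EFS; only file contents are encrypted.
# Export the EFS certificate and private key to removable media (cipher prompts
# for a password to protect the .PFX). Without that key, a rebuilt profile
# cannot read the files again.
& cipher.exe /X $KeyBackup
```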

If you trusted Truecrypt before you can still trust it. It's just not being updated – Ramhound – 2014-11-16T21:18:25.240

The issue is that people, (like in China, etc), are finding hacked "forks" of TrueCrypt on the Internet. I found one that lures people into a false sense of Security by creating a Zip Archive instead of an Encrypted Container. By best practice -- never, ever, rely on unmaintained Security Tools. – elika kohen – 2014-11-16T21:20:28.237

Ok? That doesn't mean the last version that supported encrypting the contents of your drive isn't safe to use. What you describe also isn't anything new. Truecrypt has always been signed, by Truecrypt, the last supported release still is signed. – Ramhound – 2014-11-17T04:59:36.780

1 The OP's Question was regarding Home Folder encryption. Even on Linux, encfs is used for this--especially if syncing those files to the cloud. Regarding that last version of TrueCrypt being "digitally signed"--the signature is not on their website. Regardless, getting TrueCrypt from other sources likely net you a hacked version of TrueCrypt, signature file and key. The Best Practice remains: don't use unmaintained security tools especially if alternatives exist. From TrueCrypt's own website: "Using TrueCrypt is not secure as it may contain unfixed security issues." – elika kohen – 2014-11-18T13:45:33.137

Why do you talk about a Linux solution when the user specifically wanted to know about a Windows solution? Any version of Windows supports NTFS's own ability to encrypt files on a per-user basis. – Ramhound – 2014-11-18T14:31:29.770

1 I mention Linux in this context to show long-term viability. The fact is: EncFS is multi-platform, just as TrueCrypt 7.1a was/is--BitLocker is not. It is also true that EncFS has a lot more accountability, (auditing), and it is an established, multi-platform solution. EncFS is supported by Linux distributions. TrueCrypt does not remotely have this level of support behind it. Also, EncFS can work on Android devices. It is just a "holistic" solution, and a solution that facilitates syncing with cloud storage. The only other similar option is ecryptfs, which doesn't play well with Windows. – elika kohen – 2014-11-18T14:41:30.100

You're trying to solve a problem with this answer, I just don't know what it is; despite my efforts to help you provide a better answer, you seem hell bent on a multi-platform answer. Sometimes it's best just to answer the question that was asked. Your suggested alternative seems half-baked on Windows, to put it mildly. NTFS's own EFS would support encrypting individual users' files. The author doesn't care about a solution that works on Android. I am sure there is another question where this answer would be a great answer; it's not this question. – Ramhound – 2014-11-18T14:47:43.823

1 You are right, NTFS home folder encryption on Windows is a good solution. NTFS is by far the simplest solution. EncFS will support /all/ of these: multi-platforms, synchronizing /individually encrypted files/ to cloud storage/backup devices, redirection of home folders, support by Linux distributions ... NTFS Encryption does not*. ENCFS will allow a User to copy/paste an encrypted folder to a USB drive, and for it to remain encrypted and usable on other devices. 1. EncFS Encryption; 2. NTFS Encryption; 3. BitLocker; 4. a TrueCrypt Fork. – elika kohen – 2014-11-18T15:00:31.597

1 Well; I give up; I can't remove my downvote for a question that does not really address the author's question. While I understand answers are for everyone, they have to at least attempt to solve the question author's needs. – Ramhound – 2014-11-18T15:02:23.620

I found this answer quite helpful and informative, and it certainly claims that EncFS works on Windows too, so it seems to directly address the OP's question. I don't understand the harsh criticisms from Ramhound. – Jon Coombs – 2018-03-28T05:13:14.293
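Added example, not from the original post: the hash check from step 4 of the answer above as a script that runs on the PowerShell 2.0 shipped with Windows 7, with the file's Authenticode status printed for manual review. `$InstallerPath` and `$ExpectedSha256` are placeholders the reader supplies; no real hash value is given here.

```powershell
# Added example (not from the original answer). Both parameters are placeholders:
# take the expected hash from a source you trust, over a separate channel from the file.
param(
    [Parameter(Mandatory=$true)][string]$InstallerPath,
    [Parameter(Mandatory=$true)][string]$ExpectedSha256
)

function Get-Sha256Hex {
    # Lower-case hex SHA-256 of a file; PowerShell 2.0 has no Get-FileHash.
    param([Parameter(Mandatory=$true)][string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        -join ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') })
    } finally {
        $stream.Dispose()
    }
}

# .NET file APIs ignore the PowerShell location, so resolve to a full path first.
$full   = (Resolve-Path -LiteralPath $InstallerPath).ProviderPath
$actual = Get-Sha256Hex -Path $full
$wanted = ($ExpectedSha256 -replace '\s', '').ToLower()

if ($actual -ne $wanted) {
    Write-Error "SHA-256 mismatch: got $actual, expected $wanted. Do not run this file."
    exit 1
}
"SHA-256 matches: $actual"

# A matching hash only proves the file equals the one the hash publisher saw.
# The Authenticode result shows whether the file is signed and by whom;
# 'Valid' means the chain verifies, not that the signer is the expected publisher,
# so compare the subject with what the publisher documented.
$sig = Get-AuthenticodeSignature -FilePath $full
"Authenticode status: $($sig.Status)"
if ($sig.SignerCertificate) {
    "Signer subject:      $($sig.SignerCertificate.Subject)"
    "Signer thumbprint:   $($sig.SignerCertificate.Thumbprint)"
}
```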

2

See How To Encrypt a Folder Using TrueCrypt :

You can use TrueCrypt to create encrypted folder on your PC. With a TrueCrypt encrypted folder if your laptop is stolen, lost or you give someone to use it for a while you don’t need to worry about your sensitive information being viewed. When you encrypt a folder the person using our PC won’t know what’s inside the folder and cracking TrueCrypt encryptions is a difficult and lengthy process that most laptop thieves or users won’t be familiar with.

As far as I know, the encryption for TrueCrypt was never broken.

NOTE: TrueCrypt is no longer being updated, but its last version still exists.

See also VeraCrypt :

VeraCrypt is a free disk encryption software brought to you by IDRIX (https://www.idrix.fr) and that is based on TrueCrypt.

VeraCrypt adds enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks.

VeraCrypt also solves many vulnerabilities and security issues found in TrueCrypt.

VeraCrypt can load TrueCrypt volume. It also offers the possibility to convert TrueCrypt containers and non-system partitions to VeraCrypt format.

harrymc

Posted 2009-10-29T10:37:49.407

Reputation: 306 093

@harrymc, TrueCrypt seems to be gone now. – Pacerier – 2015-05-20T09:08:27.117

1 @Pacerier: I updated my answer. – harrymc – 2015-05-20T10:08:39.647

1 I'm a fan of TrueCrypt, but can't figure out how to use it to encrypt the user's home directory at logon, that is the unfortunate issue. – invert – 2010-10-22T13:55:59.393

I wonder what will happen if you do encrypt C:\Users\<name> and add the mount command at the user's logon script. – harrymc – 2010-10-22T14:24:30.110

There are some technical niceties to such a solution that can only be worked out by trying. – harrymc – 2010-10-22T15:11:26.243