What does the NTFS encryption protect against?

1

I have encrypted a folder from the (Properties > Advanced > Encrypt contents to secure data) option. However, when I change my user profile to another one which is also an administrator, the folder seems to be accessible as if nothing happened.

What exactly does this encryption protect against? I'm looking to encrypt folders so that they will not be accessible to any other user, or from another OS, or even if the HDD were to be removed and plugged into another device.

My OS is Windows 7 Ultimate.

Any suggestions?

Ray

Posted 2014-02-14T12:43:41.423

Reputation: 133

Answers

2

NTFS encryption

The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.

Source: Encrypting File System

Folder encryption

Windows does not really encrypt folders: when you enable the encryption option, all you're doing is forcing new files created inside to be automatically encrypted. Quoting Wikipedia:

Folders whose contents are to be encrypted by the file system are marked with an encryption attribute. The EFS component driver treats this encryption attribute in a way that is analogous to the inheritance of file permissions in NTFS: if a folder is marked for encryption, then by default all files and subfolders that are created under the folder are also encrypted.

Source: Encrypting File System

If you don't want the folder content to be visible at all, you need to change the Access Control List (ACL) permissions from the Security tab of the folder properties. Even if someone else were able to change the permission and see the files, he/she couldn't open them anyway.

Note: EFS is not fully supported on Windows 7 Starter, Home Basic, and Home Premium editions.


Full encryption

If you need true disk encryption, you should probably look into BitLocker (only available on the Ultimate and Enterprise editions), or a third-party solution like TrueCrypt.

TrueCrypt - update

The official TrueCrypt website now reads:

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP.

and31415

Posted 2014-02-14T12:43:41.423

Reputation: 13 382

How do I change the ACL, and can someone other than me change the permissions back? Could you elaborate more on this matter? – Ray – 2014-02-14T14:11:51.460

Please note that I'm looking for something that encrypts specific folders. BitLocker and TrueCrypt encrypt the entire partition. (As far as I know) – Ray – 2014-02-14T14:19:17.793

That's for Windows; what about third-party software? Is there anything that can encrypt specific folders? – Ray – 2014-02-14T14:54:30.777

@Yoda I've merged the comments in my previous answer, and I've added some more info. Let me know if you have any further questions or doubts. – and31415 – 2014-02-14T17:13:19.163

Thank you very much for your help. Great refinement. I had one final question. How do I access these NTFS encrypted files in case I removed my OS and installed a fresh copy (Win7)? I suppose there is a key somewhere that I can keep a backup of? – Ray – 2014-02-16T23:11:39.530

@Yoda You have to back up and then restore the EFS certificate. – and31415 – 2014-02-17T15:11:02.430
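
Two points from the answer and comments above can be checked from PowerShell: the folder flag only governs files created afterwards, and access depends on the user's EFS certificate, which has to be backed up before a reinstall. This is an added example, not part of the original thread; the function names are hypothetical and the folder, file and backup paths are assumed placeholders.

```powershell
# Added example. Written to run on PowerShell 2.0 (the Windows 7 default).
function Get-EfsFolderReport {
    param([Parameter(Mandatory = $true)][string]$Path)

    $enc    = [System.IO.FileAttributes]::Encrypted
    $folder = Get-Item -LiteralPath $Path -Force
    # The flag on the folder only means "encrypt files created here from now on".
    $marked = [bool]($folder.Attributes -band $enc)

    $files = @(Get-ChildItem -LiteralPath $Path -Recurse -Force |
        Where-Object { -not $_.PSIsContainer })
    # Files without the attribute are not protected by EFS, whatever the folder says.
    $plain = @($files | Where-Object { -not ($_.Attributes -band $enc) })

    New-Object PSObject -Property @{
        Folder              = $folder.FullName
        MarkedForEncryption = $marked
        EncryptedFiles      = $files.Count - $plain.Count
        PlaintextFiles      = @($plain | ForEach-Object { $_.FullName })
    }
}

function Get-EfsCertificate {
    $efsOid = '1.3.6.1.4.1.311.10.3.4'   # "Encrypting File System" enhanced key usage
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    # Only certificates with a private key in this profile can decrypt anything.
    Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $_.HasPrivateKey -and ($_.Extensions | Where-Object {
            $_ -is $ekuType -and
            ($_.EnhancedKeyUsages | Where-Object { $_.Value -eq $efsOid })
        })
    } | Select-Object Subject, Thumbprint, NotAfter
}

$target = 'C:\Users\Ray\Private'          # assumed folder path
Get-EfsFolderReport -Path $target | Format-List
Get-EfsCertificate | Format-Table -AutoSize

# List the users and recovery certificates able to decrypt one file (assumed file name).
cipher /c "$target\example.txt"

# Back up the current user's EFS certificate and private key to a .PFX file.
# cipher prompts for confirmation and a password; store the file off this disk.
cipher /x 'E:\efs-backup'
```

If `PlaintextFiles` is not empty, those files were never encrypted and remain readable to anyone who can reach the disk.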