How do I encrypt specific files without moving them?

1

I share a Windows Vista computer with one other user. We're both administrators. I'd like to encrypt the files that are on my side so that if the other user changes my password they won't be able to access my files.

I'd also like to preserve the files as much as possible. For example, I don't want to move them to an encrypted volume and delete the originals or anything. I just want to encrypt the original files and leave them there.

What would be the best option for this? Thanks.

John

Posted 2015-09-03T01:10:53.807

Reputation: 13

1 What edition of Windows Vista are you running (e.g. Home, Business, etc.)? – I say Reinstate Monica – 2015-09-03T01:24:29.880

Is this for work or at home? FYI TrueCrypt is obsolete and unsupported. https://veracrypt.codeplex.com/ is a leading alternative.

– StackAbstraction – 2015-09-03T01:26:31.737

Ultimate Edition. – John – 2015-09-03T01:26:49.697

It's for at home. – John – 2015-09-03T01:27:33.987

Answers

1

Good, you have Windows Vista Ultimate, which supports EFS. Only the Windows Vista Business, Enterprise and Ultimate editions support EFS, which is built in and quick to use.

Encrypting File System (EFS) is a feature of Windows that you can use to store information on your hard disk in an encrypted format.

Some key features of EFS:

  • Encrypting is simple; just select a check box in the file or folder's properties to turn it on.
  • You have control over who can read the files.
  • Files are encrypted when you close them, but are automatically ready to use when you open them.
  • If you change your mind about encrypting a file, clear the check box in the file's properties.

You could also use VeraCrypt, but it requires making an encrypted volume file, which you said you wanted to avoid. Microsoft Windows EFS is simpler. Remember to back up your EFS certificate, or if you have problems you might lose all your encrypted files.

Update: Yes, resetting your password will not allow anyone to decrypt the files. Here is a link with more info (a little complex with DRA and recovery keys): https://social.technet.microsoft.com/Forums/windows/en-US/bcabc27b-d993-415a-9ca2-bd07b8a20737/does-changing-users-password-affect-efs-encrypted-files?forum=w7itprosecurity

EDIT in response to comments: Not my first choice, but perhaps just WinZip or 7-Zip, compressing the directory with AES encryption and then deleting it each time you log off. Gpg4win for Windows might let you highlight all of your files and right-click to encrypt. This would be a manual decrypt, then encrypt when you are done.

BleachBit is a great program for wiping free space and cleaning web browser data. This is recommended since you may expose unencrypted files with the methods above.

VeraCrypt and the encrypted volume file make this much easier. Why don't you want an encrypted volume (just a file, say 500 MB) that stores your important documents? You decrypt it all at once and then close it to re-encrypt.

StackAbstraction

Posted 2015-09-03T01:10:53.807

Reputation: 782

I started trying this before but if the person changes my password and is logged in on my account they'll be able to open any file they want just as if it wasn't encrypted, right? Is it possible to back up my certificate, delete the original, and then put it back when I want to access the files? – John – 2015-09-03T01:38:56.077

Yes, if they have your password or reset it, they can access your files. If a person has physical access to the PC, you have no real security. They can install a key logger to record the password you type. They could install a video camera to record you typing in your password. Yes, that might work. – StackAbstraction – 2015-09-03T01:43:49.420

As I understand EFS, if somebody (another administrator) changes your password, *you will lose access to your encrypted files* unless you have taken precautions (like backing up your certificate). – Scott – 2015-09-03T01:58:33.457

2 Yes and no. If they have your password they can log in as you and read your files. If they change your password and then log in as you, no, they can't read your files.

But neither can you unless you previously made an NTFS recovery key. – Jamie Hanrahan – 2015-09-03T01:58:50.807

1

Yes, resetting the password will not allow anyone to decrypt the files (without DRA/recovery keys, which admins by default have access to, but you can change). Here is a link with more info (a little complex): https://social.technet.microsoft.com/Forums/windows/en-US/bcabc27b-d993-415a-9ca2-bd07b8a20737/does-changing-users-password-affect-efs-encrypted-files?forum=w7itprosecurity

– StackAbstraction – 2015-09-03T02:06:27.643

Alright thanks everyone. EFS seems like the best option for this case. – John – 2015-09-03T02:11:10.617
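
The EFS steps recommended in the answer above (encrypt the files where they are, then back up the certificate), done from PowerShell with the built-in cipher.exe instead of the Properties check box. This is an added example, not part of the original thread; the folder and backup paths are hypothetical, and it assumes an NTFS volume, that PowerShell is installed, and that it is run while logged in as the account that owns the files.

```powershell
# Added example: EFS-encrypt a folder in place, verify it, back up the key.
# $Target and $Backup are hypothetical paths; change them before running.
$Target = 'C:\Users\John\Documents\Private'
$Backup = 'E:\efs-backup'   # cipher adds the .pfx extension; use removable media

# 1. Encrypt the folder tree. Nothing is moved or copied elsewhere; the folder
#    is also marked so that files created in it later are encrypted.
cipher.exe /e "/s:$Target"

# 2. Verify: every file should now carry the NTFS Encrypted attribute.
$enc = [System.IO.FileAttributes]::Encrypted
$plain = Get-ChildItem -Path $Target -Recurse -Force |
    Where-Object { -not $_.PSIsContainer -and -not ($_.Attributes -band $enc) }

# 3. Encrypt anything step 1 skipped (for example, files that were open).
$failed = @()
foreach ($f in $plain) {
    try {
        [System.IO.File]::Encrypt($f.FullName)   # same EFS operation, per file
    } catch {
        $failed += $f.FullName
        Write-Warning "Not encrypted: $($f.FullName): $($_.Exception.Message)"
    }
}
Write-Host "Files still unencrypted: $($failed.Count)"

# 4. Show who can decrypt one of the files. Any recovery certificate (DRA)
#    listed here can read the file besides you, as the comments point out.
$sample = Get-ChildItem -Path $Target -Recurse -Force |
    Where-Object { -not $_.PSIsContainer } | Select-Object -First 1
if ($sample) { cipher.exe /c $sample.FullName }

# 5. Back up the EFS certificate and private key to a password-protected
#    .pfx file. cipher asks for confirmation and for the password.
#    Without this backup, a forced password reset locks you out as well.
cipher.exe /x $Backup
```

Store the .pfx and its password away from the shared computer; anyone who obtains both can import the key and read the files.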