Windows XP Hacks, Second Edition
|
Hack 75. Hide Folders and Files with the Encrypting File SystemProtect all the information on your PC from prying eyes using XP Professional's built-in encryption scheme. If you have Windows XP Pro, you can use the Encrypting File System (EFS) to encrypt your files so that no one else can read them.
EFS lets you encrypt only the files and folders of your choice; you can encrypt a single file or folder or all your files and folders. Encrypted files and folders show up in Windows Explorer in green, so you can tell at a glance which have been encrypted. You can work with encrypted files and folders transparently. In other words, after you encrypt them, you open and close them as you normally would any other file. They're decrypted on the fly as you open them, and then decrypted as you close them. You're the only person who can read or use the files. Encryption is tied to your account name, so even other accounts on the same computer won't be able to read or use them, unless you specifically grant access to certain accounts.
EFS does have a few minor limitations you should be aware of:
When you work with encrypted files and folders, they seem to behave like any other files on your hard disk. In fact, though, their behavior is somewhat different, and you might notice files you thought were encrypted suddenly become decrypted for no apparent reason. So, before you turn on encryption, you should understand the common actions you can take with encrypted files and folders, and what the results will be. Table 8-1 lists what you need to know.
8.2.1. Encrypting Files and Folders
To encrypt a file or folder, right-click the file or folder and choose Properties
Figure 8-1. Encrypting files or folders using the Advanced Attributes dialog box
Check the box next to "Encrypt contents to secure data." Note that you can't check both this box and the "Compress contents to save disk space" box. You can either compress the item or encrypt it, but not both. Click OK and then OK again. If you're encrypting a folder, the Confirm Attributes Changes dialog box appears, as shown in Figure 8-2. You have a choice of encrypting the folder only, or encrypting the folder plus all subfolders and all the files in the folder and subfolders. If you encrypt the folder only, none of the files currently in the folder will be encrypted, but any new files you create, move, or copy into the folder will be encrypted. Figure 8-2. Encrypting the folder only, or all the subfolders and files as well
If you're encrypting a file in an unencrypted folder, the Encryption Warning box will appear, as shown in Figure 8-3. You have the choice of encrypting the file only, or the file and the parent folder. As a general rule, you should encrypt the folder as well as the file because if you encrypt only the file, you might accidentally decrypt it without realizing it. Some applications save copies of your files and delete the original; in those instances, the files become decrypted simply by editing them. If you encrypt the folder as well, all files added to the folder are encrypted, so the saved file is automatically encrypted. Click OK after you make your choice. Figure 8-3. Encrypting the parent folder as well as the file
Note that you won't be able to encrypt every file on your system. Files that have the System attribute, as well as files located in C:\Windows and its subfolders, can't be encrypted. 8.2.2. Decrypting Files and Folders
You decrypt files and folders in the same way that you encrypt them. Right-click the file or folder, choose Properties 8.2.3. Letting Others Use Your Encrypted Files
When you encrypt files, you can still share them with others and let them use them as if they were not encrypteda process that XP defines as transparent. You'll be able to share them this way only with other users on the same computer or with others on your network. You designate who can use the files and who can't. To allow specified people to use your encrypted files, right-click an unencrypted file and choose Properties Figure 8-4. The Encryption Details dialog box The Select User dialog box appears. Choose the user you want to be able to use your encrypted files, and click OK. Only users who have Encrypting File System certificates on the computer will show up on this list. The easiest way for someone to create a certificate is to encrypt any file; that automatically creates a certificate. 8.2.4. Encrypting and Decrypting from the Command Line
If you prefer the command line to a graphical interface, you can encrypt and decrypt using the cipher.exe command-line tool. To find out the current state of encryption of the directory you're in, type cipher without parameters at a command prompt. cipher tells you the state of the directory. For individual files, it lists a U next to files that are not encrypted, and an E next to those that are encrypted. When used with parameters, cipher can encrypt and decrypt files and folders, show encryption information, create new encryption keys, and generate a recovery agent key and certificate. To encrypt or decrypt a folder or file, use the complete path, filename (if you're acting on a file), and any appropriate switches, as outlined in Table 8-2. The /E switch encrypts folders or files, and the /D switch decrypts them. To perform the task on multiple folders or files, separate them with single spaces. For example, to encrypt the \Secret and \Topsecret folders, issue this command: cipher /E \Secret \Topsecret
Note that you can use wildcards with the cipher command. Using the command line instead of the graphical interface is particularly useful for performing bulk or batch operationsfor example, simultaneously encrypting or decrypting multiple folders or files, or types of files within folders. Let's say, for example, you want to encrypt every .doc file in the \Secret and \Topsecret folders, but not touch any other files in those folders. You issue this command: cipher /E /A \Secret\*.DOC \Topsecret\*.DOC
Table 8-2 lists the most useful command-line switches for cipher. For more help, type cipher /? at the command line.
|
|