Shortcomings of File Encryption in Windows 7 (EFS)

In Windows 7 Professional you can encrypt files or folders to keep specific information private from other users. Individually encrypted files may become unexpectedly decrypted, so it is best practice to encrypt the folders that hold the files you want to keep private and secure.

To encrypt a folder:

  • Right-click the folder and open its Properties
  • Click Advanced on the General tab
  • Select “Encrypt contents to secure data”
  • Press OK

Encrypting sensitive data, such as bank account or credit card details, also helps keep it safe if your computer is hacked or stolen. For example, if your hard drive is removed and installed as an external drive in another computer, your encrypted data is still safe – well, sort of.

EFS is Microsoft software designed to work in the NTFS file system. Encrypted files will stay encrypted as long as the data is on an NTFS-formatted drive. If the EFS folder is copied to a USB thumb drive formatted with the FAT file system, the folder loses its encryption properties.
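
A pre-copy check for the NTFS-to-FAT case described above, as an added example that is not part of the original article: it lists the EFS-encrypted items under a folder and reports whether the destination volume is NTFS before anything is copied. The function name `Test-EfsCopyTarget` and the paths `C:\Private` and `E:\Backup` are hypothetical.

```powershell
# Added example. Test-EfsCopyTarget, C:\Private and E:\Backup are hypothetical.
function Test-EfsCopyTarget {
    param(
        [Parameter(Mandatory = $true)][string]$Source,       # existing folder
        [Parameter(Mandatory = $true)][string]$Destination   # absolute path
    )

    # The folder itself plus everything below it, hidden items included.
    $items = @(Get-Item -LiteralPath $Source -Force) +
             @(Get-ChildItem -LiteralPath $Source -Recurse -Force)

    # Keep only the items that carry the EFS "Encrypted" attribute.
    $encrypted = @($items | Where-Object {
        $_.Attributes -band [System.IO.FileAttributes]::Encrypted
    })

    # Look up the file system of the destination volume (NTFS, FAT32, ...).
    $full = [System.IO.Path]::GetFullPath($Destination)
    $root = [System.IO.Path]::GetPathRoot($full)
    try {
        $format = (New-Object System.IO.DriveInfo($root)).DriveFormat
    } catch {
        $format = $null   # UNC path, or a drive that is not ready
    }
    if (-not $format) { $format = 'Unknown' }

    New-Object PSObject -Property @{
        EncryptedItems = @($encrypted | ForEach-Object { $_.FullName })
        TargetRoot     = $root
        TargetFormat   = $format
        KeepsEfs       = ($format -eq 'NTFS')
    }
}

$check = Test-EfsCopyTarget -Source 'C:\Private' -Destination 'E:\Backup'
if ($check.EncryptedItems.Count -gt 0 -and -not $check.KeepsEfs) {
    # Refuse the copy and show which items would end up unencrypted.
    Write-Warning ("{0} encrypted item(s) would lose EFS protection on {1} ({2}):" -f
        $check.EncryptedItems.Count, $check.TargetRoot, $check.TargetFormat)
    $check.EncryptedItems
} else {
    Copy-Item -LiteralPath 'C:\Private' -Destination 'E:\Backup' -Recurse
}
```

An unknown destination file system is treated the same as a non-NTFS one, so the copy is held back whenever the check cannot confirm that encryption will be kept.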

Managing EFS recovery keys and certificates

If the hard drive on your PC becomes damaged and you need to recover data outside of your usual profile, you will need to have your “recovery keys and certificate” available. Store this information somewhere other than the drive that holds the EFS data, such as on a thumb drive.

To back up your recovery keys and certificate in Windows 7 Pro:

  • Press the start key on your keyboard and type “manage file encryption certificates”
  • Follow the prompts and choose your password carefully

An alternative to EFS shortcomings is BitLocker

Another, more secure way to encrypt data is to use BitLocker to secure the entire drive. BitLocker To Go is available in Windows 7 Pro for encryption of USB drives, but BitLocker for drive encryption is only licensed to Windows 7 Ultimate or Enterprise editions, just as EFS is limited in versions other than Windows 7 Professional.