back | content | forward

3.4 Encrypting File System

Encrypting File System (EFS) is a good solution for protecting sensitive data. EFS is integrated into all professional Windows® versions. The use of EFS on home versions of Windows® is limited. Read, write and copy operations of encrypted files are allowed, but new files can not be created. Advantages of EFS:
  • Transparent, the user is unaware of encryption, except that he needs to enter a password to log into his user account. No additional password is required.
  • Hardware independent, in conjunction with Reuschtools, encrypted data can be stored on any public place, e.g. the Internet, without the lack of confidentiality. A lost USB stick is protected the same way.
  • User-related, even if a computer will need to be repaired or gets stolen data remains confidential. Files or folders instead can be assigned to specific individuals who may read or modify them.

To use EFS, it sufficient to activate encryption for a folder and its contents. Using Private-Backup will ensure that data marked this way will always be backed up encrypted. If a folder that is entirely encrypted gets backed up, archives will end with .seal instead of .zip.

From the context menu of a folder select Properties->Advanced... and check the box Encrypt contents to secure data.
krypt If this box is checked for the first time, Windows® will created an EFS key for the current user account.

Use the script EfsKey\EfsKeySave.cmd, located in the scripts folder (Programs->Reuschtools->Scripts), to export the key and to back it up to multiple targets. This guarantees that EFS encrypted archives can be read on other computers as needed. You may use the user account password, see below, to export the key.

To securely protect a user account from strangers, the password should have at least 15 randomly selected characters. The script UserAccount\Password.cmd generates random but easily to be typed passwords with 16 characters.

Such a password will be entered within 3 seconds after being used to it.

Lock your user account (Windows® Key + L) whenever you leave the computer.

back | content | forward

Tutorial RT_3.41