Encrypting File System (EFS): Windows 7 Professional, Enterprise, and/or Ultimate editions have EFS support. While full disk encryption solutions such as BitLocker allow for the entire disk to be encrypted, these solutions do not protect the user after the system or hard drive has been authenticated and is in use. EFS is useful for user-level file and folder encryption. This is critical for shared systems in use by multiple user accounts.

Without EFS, any user can see the other user’s data.

EFS adds on to the NTFS security layer by encrypting the data and only letting it be read with the encryption key. Even a system administrator would not be able to access the data without the encryption key.

Encrypting File System

Warning: If a user encrypts his or her hard drive or uses EFS to encrypt a folder, that user will now own the data on that local machine. The encryption key is only on that local machine and should be backed up. If the encryption key is lost, the data in the folder will be very difficult to unlock. When implementing this in Active Directory environments, options are available to back up recovery and encryption keys remotely.

Using EFS in an environment requires planning, but here is how to encrypt a folder for testing purposes: Right-click the folder, select Properties, click the Advanced button on the General tab, check Encrypt contents to secure data as shown in Figure 1.76, and click OK twice. A prompt will ask whether to apply the settings to the folder and all of its subfolders or to the folder only; select your preference and click OK. Once the settings are applied, the folder name should appear in green letters.
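The same test can be scripted and checked from PowerShell, including the key backup the warning above calls for. This is an added example, not part of the original text; the folder path, the backup path, and the sample file are assumptions to change for your system.

```powershell
# Added example. $TestFolder and $BackupFile are assumed paths.
$TestFolder = 'C:\EFS-Test'
$BackupFile = 'E:\efs-key-backup'   # cipher.exe appends .PFX; prefer removable media

# 1. Create the test folder and mark it for encryption
#    (equivalent to ticking "Encrypt contents to secure data").
New-Item -ItemType Directory -Path $TestFolder -Force | Out-Null
cipher.exe /e $TestFolder | Out-Null

# 2. A file created afterwards inherits encryption from the folder.
$sample = Join-Path $TestFolder 'sample.txt'
Set-Content -Path $sample -Value 'constructed test data'

# 3. Verify the Encrypted attribute on the folder and on the new file.
$encrypted = [System.IO.FileAttributes]::Encrypted
foreach ($path in @($TestFolder, $sample)) {
    $item = Get-Item -LiteralPath $path -Force
    $isEncrypted = ($item.Attributes -band $encrypted) -eq $encrypted
    '{0,-30} Encrypted={1}' -f $item.FullName, $isEncrypted
}

# 4. List the current user's EFS certificates. HasPrivateKey must be True,
#    otherwise this profile cannot decrypt the files.
$efsOid = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System EKU
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.Extensions |
        Where-Object { $_ -is $ekuType } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        Where-Object { $_.Value -eq $efsOid }
} | Select-Object Thumbprint, NotAfter, HasPrivateKey

# 5. Back up the EFS certificate and private key to a password-protected
#    .PFX file. cipher.exe prompts interactively for confirmation and a password.
cipher.exe /x $BackupFile
```

Store the resulting .PFX file and its password away from the machine; anyone holding both can read the encrypted files.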