EFS encryption tips make data more secure (2)

Tip: Users who use Windows 2000/XP/Server 2003 must have heard of or have contacted EFS, but because of its complexity, it will lose data if it is not good. Therefore, many people do not use it. In fact, EFS is not as difficult as we imagined. The key is to really play with it. We need to master several key tricks...

Users who use Windows 2000/XP/Server 2003 must hear about it. Or have been exposed to EFS, but because of its complexity, it will lose data if it is not good. Therefore, many people do not use it. In fact, EFS is not as difficult as we imagined. The key is to really play with it. We need to master several key tricks...

EFS: Encrypting File System, encrypted file system. It can help you encrypt files and folders stored on NTFS disk volumes.

NTFS: A disk format supported by Windows 2000/XP/2003 specifically designed for management security features such as network and disk quotas, file encryption. NTFS supports file encryption management to provide users with a higher level of security.

MMC: Short for Microsoft Management Console, an integrated management tool for managing network, computers, services, and other system components. MMC does not perform management functions, but integrates management tools. The main types of tools that you can add to the Control Panel are called snap-ins, and other add-ons include ActiveX controls, links to Web pages, folders, taskpad views, and tasks.

Since EFS's user authentication process is performed when you log in to Windows, you can open any authorized encrypted file as long as the authorized user logs in to Windows. Therefore, EFS is actually transparent to the user. This means that if you encrypt some data, you will not have any restrictions on accessing the data, and there will be no hints, you will not feel it. However, when other unauthorized users attempt to access the encrypted data, they will receive an "access denied" error message to protect our encrypted file.

Tip:

If you want to use EFS to encrypt the file system, you must format the partition of the Windows 2000/XP/Server 2003 encrypted file to NTFS format.

Combat One: Practical EFS Folder Encryption

Step 1: Right-click to select the folder to be encrypted, select "Properties", and then click the "General" tab in the pop-up window. Click "Properties → Advanced" at the bottom, and in the "Compress or Encrypt Properties" column, check "Encrypt content to protect data".

Step 2: Click the "OK" button, go back to the file properties and click the "Apply" button. The "Confirm Property Change" window will pop up, "Use the app for this folder, sub "Folders and files" are marked with "√", and finally click the "OK" button to start encrypting files. In this way, all the files and subfolders that were originally created and newly created in this folder are automatically encrypted.

Step 3: If you want to cancel the encryption, just right click on the folder and uncheck the "Encrypt content to protect the data" check.

Tips

In the command line mode, you can also use the "cipher" command to complete the encryption and decryption of data. Enter "cipher/?" after the command character and press Enter to get specific The method of using the command parameters.

Combat 2: Right-click to easily encrypt and decrypt

Encrypt the file with the above method must be confirmed multiple times, very troublesome, in fact, just modify the registry, you can add "encryption" to the right-click menu of the mouse And the "decrypt" option, you can use the right-click to complete the relevant operations later. Click "Start → Run", enter regedit and press Enter, open the Registry Editor, navigate to [HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Exporer/Advanced], and click "New→DWORD" on the "Edit" menu. Value", then enter EncryptionContextMenu as the key name and set the key value to "1". Exit the registry editor, open the resource manager, arbitrarily select a file or folder on an NTFS partition, right-click to find the corresponding "encryption" and "decrypt" options in the right-click menu, click to complete the encryption /decryption operation.

Combat 3: Multi-user prohibits special folder encryption

When multiple users share a computer, we usually specify the user as normal user rights, but the normal user account is by default Encryption is allowed, so if someone uses EFS to encrypt files on a computer shared by multiple users, it will inevitably cause a lot of trouble for other users. Therefore, it is necessary to set certain specific folders to be prohibited from being encrypted or to disable file encryption.

Let me talk about how to disable encryption of a folder by simply creating a file called Desktop.ini in Notepad and adding the following content:

[Encryption]

Disable=1

Finally save this file. This will cause an error message if other users try to encrypt the folder in the future and cannot proceed. Note that you can only use this method to prevent other users from encrypting the folder, and the subfolders in the folder will not be protected.

Webjx.Com Web Tip: Users who use Windows 2000/XP/Server 2003 must have heard of or contacted EFS, but because of its complexity, it will lose data if it is not good. Therefore, many people do not use it. In fact, EFS is not as difficult as we imagined. The key is to really play with it. We need to master several key tricks...

Combat 4: Disable EFS encryption function

To disable EFS encryption, open the Registry Editor, navigate to [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\EFS], click "New→Dword Value" on the "Edit" menu, and enter EfsConfiguration as the key. Name, and set the key value to "1", so the machine's EFS encryption is disabled.

Practical combat five: Export EFS key

After using EFS encryption of Windows 2000/XP, if the system is reinstalled, the original encrypted file cannot be opened! If you did not do it beforehand Good key backup, then the data is never open. Thus, it is important to make a backup of the key.

Step 1: First log in as a local account, preferably a user with administrator privileges. Then click "Start → Run", enter "MMC" and press Enter to open the control panel interface.

Step 2: Click Control Panel → Add Delete Management Unit in the Control Panel. In the Add/Remove Snap-in dialog box that pops up, click the Add button to add independent management. After selecting "Certificate" in the Units dialog box, click the "Add" button to add the unit.

If it is an administrator, you will be asked to select the certificate method, select "My User Certificate", then click the "Close" button, click the "OK" button to return to the Control Panel.

Step 3: Expand the “Control Panel Root Node→Certificate→Personal→Certificate→Select Account in the right window” on the left, right-click and select “All Tasks→Export” to pop up the “Certificate Export Wizard”. .

Step 4: Click the "Next" button, select "Yes, export private key", click the "Next" button, check "Private Information Exchange" under "If possible, will all The certificate includes the "to the certificate path" and "enable the enhanced protection" item, click the "Next" button to enter the setup password interface.

Step 5: Enter the setup password. This password is very important. Once you forget it, you will never get it. You will not be able to import the certificate in the future. After the input is complete, click the "Next" button and select the location and file name where the private key will be saved.

Step 6: Click the “Finish” button, the “Export Successful” dialog box will pop up, indicating that your certificate and key have been exported successfully. Open the path to save the key and you will see an “Envelope”. +Key" icon, this is your precious key! Losing it doesn't just mean you can't open your data anymore, it also means that others can easily open your data.

Combat Six: Import EFS Keys

Since the system is reinstalled, we can't open the files encrypted by EFS, so we must remember to export the keys before reinstalling the system. And then import the backed up key in the new system to gain access.

Tips

★ Make sure that the keys you import have the right to view, otherwise it is useless to import. This requires that you do it when exporting.

★ Remember the password you set when exporting. It is best to use the same username as the export.

Step 1: Double-click the exported key (that is, the file of the "Envelope + Key" icon), you will see the "Certificate Import Wizard" welcome screen, click the "Next" button to confirm the path and Key certificate and click Next to continue.

Step 2: Enter the password set at the time of export after "Password", enter the password and check "Enable strong key protection" and "Mark this key to export" (to ensure the next time Export) and click Next to continue.

Step 3: According to the prompts, click the “Next” button, click OK, click the Finish button, and see “Imported successfully” means you have successfully imported the key.

Try it, can't open the file, can it be opened now?

Tips

★ EFS encrypted files can not be opened, convert NTFS partition into FAT32 partition or use the same username and password to log in or even Ghost back to the original system can not solve the problem, Therefore, it is very important to back up and import EFS keys.

★Windows XP Home Edition does not support EFS.