In this article, we will talk about how to encrypt files and folders with the standard Windows 10 encryption methods and take a look at two encryption utilities: BitLocker and EFS.
- Standard Windows encryption tools and their differences.
- Encryption with EFS.
- How do I use encryption keys?
- Disk encryption with BitLocker.
- BitLocker Error.
- How do I unlock an encrypted disk?
- How do I password protect individual folders and files?
The Windows operating system has built-in utilities designed for data encryption. They can help protect data from third parties and hide content from those who do not know the password.
It is worth noting that Windows built-in encryptors have relatively simple algorithms. This means that, with enough skill and the right hacking software, such encryption can be bypassed. For ordinary users, however, the data will remain inaccessible, which is useful, for example, on computers shared by several different users.
Standard Windows encryption tools and their differences
Windows has built-in data encryption tools: BitLocker and EFS.
These utilities allow you to encrypt data and set your own passwords to files quickly.
The BitLocker encryption tool is a highly specialized program designed for disk encryption. With it, you can protect data on the entire hard drive or its partition, without the ability to encrypt individual directories and files.
The EFS utility compensates for BitLocker deficiencies and encrypts both individual folders and all kinds of files. The EFS feature allows a fast and straightforward way to make data inaccessible to other users.
Encryption with EFS
It should be noted at once that the Windows Home Edition is not suitable for data encryption by built-in means, as the utility algorithms are ineffective in this version of the system. Besides, the user should get a removable drive on which to store a special key capable of decrypting the information if access to the OS profile is lost.
To start working with the EFS utility, you should select the data needed for encryption and place it in one folder.
Now right-click the folder, choose the “Properties” item, and in the window that opens go to the “General” tab. On the “General” tab, click the “Advanced…” button.
In the window that opens, select the lowermost item “Encrypt content to protect data” and click “OK”.
After you press the “Apply” button, you will be offered two encryption options. Choose one of them and press the “OK” button.
Now the folder will be unavailable to other users using a different account. It should be noted that the current user will be able to open the data at any time, so you should come up with a strong password for your Windows profile.
How do I use encryption keys?
After the encryption is done, the system will automatically warn about creating a special key that can be used to decrypt the specified folder in an emergency.
As a rule, the alert will be shown in the lower right corner, where the volume settings are often located.
Click on the notification, and you will see a window with possible actions with the key. If you want to create a backup copy of the key, click on “Archive now”.
After that, the certificate export wizard window will open. Click “Next” and go to the window with the settings. Specify the necessary parameters or leave the current ones and click “Next”.
In the window that opens, choose the password-based method and set your password.
The next step is to save the key to any external drive. Once the key is saved, you will be able to open and view the folder even if you have lost access to your account.
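The same encrypt, verify and back-up sequence can be run from PowerShell. This is an added example, not part of the original article; the folder and backup paths are assumed values, and the backup should go to removable media as described above.

```powershell
# Added example. $Folder and $BackupPath are assumed values; adjust before running.
param(
    [string]$Folder     = 'C:\Users\Public\Documents\Private',   # assumed folder to protect
    [string]$BackupPath = 'E:\efs-key-backup.pfx'                # assumed removable drive
)

# Enhanced Key Usage identifier that marks a certificate as usable for EFS.
$EfsOid = '1.3.6.1.4.1.311.10.3.4'

# 1. Encrypt the folder and everything in it (same effect as the "Advanced..." checkbox).
cipher.exe /e "/s:$Folder" | Out-Null

# 2. Verify the result: list every file that does not carry the Encrypted attribute.
$plain = Get-ChildItem -LiteralPath $Folder -Recurse -File -Force |
    Where-Object { -not ($_.Attributes -band [IO.FileAttributes]::Encrypted) }
if ($plain) {
    Write-Warning 'These files are not EFS-encrypted:'
    $plain.FullName
}

# 3. Find the current user's EFS certificate that still has its private key.
$cert = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $EfsOid) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw 'No EFS certificate with a private key found for this user.' }

# 4. Export certificate and private key to a password-protected PFX file.
$password = Read-Host -Prompt 'Password for the key backup' -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath $BackupPath -Password $password | Out-Null

"Backed up EFS certificate $($cert.Thumbprint) to $BackupPath"
```

Anyone who holds the PFX file and its password can read the encrypted folder, so keep the removable drive offline and away from the computer.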
Disk encryption with BitLocker.
If you need to encrypt disks or removable drives, you should use the built-in BitLocker utility, which allows you to encrypt large amounts of data. To get started with BitLocker, you need the maximal, professional or enterprise version of Windows.
To access BitLocker, you need to right-click on the “Start” button, select “Control Panel”, and go to the first “System and Security” section.
In the window that opens, go to “Bitlocker disk encryption”.
Now turn on the utility next to the system disk or the required volume.
The program will automatically analyze your drive and offer you a choice of unlocking method.
If your motherboard has a TPM module, you can choose additional unlock methods. You can also use the utility to protect the drive with a password or create a special flash drive with a key that can unlock the drive when connected.
Regardless of which unlock method you choose, BitLocker will provide you with a unique key to unlock the drive. You can use this key if you lose your flash drive or password.
You can print this key, save it as a document to removable media or save it to a Microsoft server. It is worth noting that this step is crucial because without the emergency key and if other unlocking tools are lost, the drive will remain locked.
After performing all the actions, the utility will ask you to choose an encryption method; select the one you prefer.
After that, the computer will be rebooted, and on the next boot, the system will show an indicator of the encryption process.
BitLocker Error
In some cases, an error message may appear instead of the choice of unlock method. It means that this computer does not have a TPM module on the motherboard. The TPM module is a unique microchip that can store the encrypted keys used to unlock the drives.
If the module is not connected, there is a way to bypass this error. To do so, follow these steps:
Step 1: Right click on the “Start” button, select the “Run” item and enter the “gpedit.msc” command in the window that opens.
Step 2: In the Group Policy Editor, go to the following path: “Local Computer”, “Computer Configuration”, “Administrative Templates”, “Windows Components”, “BitLocker Disk Encryption”, “Operating System Disks”.
After opening the last section, you will see many items in the window on the right. Among them, select the option “Require additional authentication at startup”.
Step 3: Select “Enabled” in the left part of the window that appears and check the “Allow BitLocker…” option. You should confirm the performed actions by clicking the “Apply” button.
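To confirm the outcome of these steps, the following check reports whether a TPM is present, whether the policy has been applied, and which key protectors the volume has. It is an added example, not part of the original article; the drive letter is an assumption, and the two registry value names are the ones under which Windows stores this policy.

```powershell
# Added example; run from an elevated PowerShell prompt. $Mount is an assumed drive letter.
$Mount  = 'C:'
$FveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'   # where BitLocker group policy is stored

function Get-PolicyValue([string]$Name) {
    # Returns $null when the policy has never been configured.
    (Get-ItemProperty -Path $FveKey -Name $Name -ErrorAction SilentlyContinue).$Name
}

$tpm        = Get-Tpm
$vol        = Get-BitLockerVolume -MountPoint $Mount
$protectors = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

$report = [pscustomobject]@{
    TpmPresent        = $tpm.TpmPresent
    TpmReady          = $tpm.TpmReady
    AdvancedStartup   = (Get-PolicyValue 'UseAdvancedStartup') -eq 1   # "Require additional authentication at startup"
    AllowedWithoutTpm = (Get-PolicyValue 'EnableBDEWithNoTPM') -eq 1   # the "Allow BitLocker..." checkbox
    VolumeStatus      = $vol.VolumeStatus
    ProtectionStatus  = $vol.ProtectionStatus
    EncryptedPercent  = $vol.EncryptionPercentage
    KeyProtectors     = $protectors -join ', '
}
$report | Format-List

# No TPM and no policy: this is the state that produces the error described above.
if (-not $tpm.TpmPresent -and -not $report.AllowedWithoutTpm) {
    Write-Warning 'No TPM and the policy is not set: BitLocker setup will show the error.'
}
# Protectors exist but none is a recovery password: there is no emergency key.
if ($protectors.Count -gt 0 -and $protectors -notcontains 'RecoveryPassword') {
    Write-Warning 'No recovery password protector: losing the password or flash drive locks the drive.'
}
# Data is encrypted on disk but the key is not currently being protected.
if ($vol.VolumeStatus -eq 'FullyEncrypted' -and $vol.ProtectionStatus -ne 'On') {
    Write-Warning 'Volume is encrypted but protection is suspended or off.'
}
```

On a machine without a TPM the unlock secret is only the password or the flash drive key, so the recovery password check matters most there.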
How do I unlock an encrypted disk?
An encrypted drive is unlocked with the unlock method you selected. It can be a unique PIN code that is entered when the system starts, or a connected flash drive with the key. After unlocking, the user can configure BitLocker operation, change the password or remove encryption.
It should be noted that BitLocker is a rather demanding utility that spends computer resources while running. With the drive encryptor enabled, system performance can drop by as much as ten percent.
How do I password protect individual folders and files?
The EFS Data Encryptor feature may seem limited and not very easy to use on a network, so many users resort to encrypting their data with the built-in WinRAR data archiver. By packing files into the archive, you can add a password that protects the files from being viewed by third parties.
To encrypt a folder or file, follow the steps:
Step 1: Select the desired folder or file and right-click on it. In the list that opens, select “Add to archive”.
Step 2: In the window that opens, select “Set Password”. In the next window, you should enter your password twice and click “OK”.
Step 3: The final step is to select the compression method, name, and other parameters of the future archive with the password. These parameters can be selected at your discretion.
You will now need to enter your password when opening the archive.