Shulou(Shulou.com)06/01 Report--

This article focuses on "how to use EFS to encrypt windows files", interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn how to encrypt windows files with EFS.

I have come across the following questions from many friends:

First, my encrypted file can not be opened, can I convert the NTFS format partition into FAT32 partition can I open it?

Second, I encrypted the data and reinstalled the operating system. Now the encrypted data cannot be opened. Can I open it if I use the same user name and password as the previous system?

Third, use GHOST to restore the system, user accounts and the corresponding SID have not changed, can you open encrypted data files?

All of the above is that after we encrypt files in XP/2000/2003, because of this or that problem, there are often files that cannot be opened and encrypted, resulting in losses to enterprises or individuals. Now I would like to tell you about the specific matters. I hope I can give you some help if you don't mind what I said.

What is EFS?

Full name: Encrypting File System, that is, encrypted file system, it is based on public key policy, it has the advantages of reducing cost, transparency and security.

How to use EFS encryption?

Here, I would like to introduce several methods and matters needing attention and specific requirements when using EFS.

1. Operating system requirements: it must be a new version of the system to be released by 2000/XP/2003 and Microsoft, such as 95/98/me/NT.

2. NTFS version requirements: must be 5. Version 0 or above, that is, NTFS partitions formatted with 2000/XP/2003 and Microsoft's upcoming version of the system can, while NT format NTFS format partition is not, because although it is a NTFS format partition, but the NTFS version is 4. 0.

Here's how to use EFS encryption in 2000/XP/2003:

Right-click the file you want to encrypt-> Properties-> Advanced-> encrypt content to protect data-> OK. The data file is encrypted at this point.

In order to prevent loss and encrypted files can not be opened, then what should we do? If after encrypting the file, the system crashes, and after reinstallation, the encrypted file cannot be opened; after changing the user name or password, the encrypted file cannot be opened; the system can be restored with GHOST, and the encrypted file cannot be opened.

This requires us to pay attention to two key points:

First, back up the key in time.

In 2000, do the following:

Start-> run-> MMC- "add remove snap-in-> add-> Certificate-> my account-> OK.

After the certificate is added to the group policy, select the certificate, individual, right-click the certificate in the right column, select all tasks, export, import the private key, next, default, next, enter the password, and next, back up the certificate to a directory or USB disk to save.

In this way, once you reinstall the system or change the user name or password and other things can not open the encrypted file, only right-click the exported certificate, install the certificate, import. So the encrypted file can be opened again.

The second is to set up a valid EFS encryption recovery agent.

In 2000, do the following:

In 2000, no matter what user encrypted file, as long as the system does not reinstall or make other corresponding changes, then can be opened by Administrator user login. But in addition to adminsitrator, different users encrypted files, can not be opened with each other, such as: in 2000, A users encrypted A files, B users encrypted B files, then A users will not be able to open B files, on the contrary, B users will not be able to open A files, if you want to open An or B files, unless you have to use administrator login. Also, if file A gives user B permission, it's a different matter. The method is: in 2000, after logging in with A user, right-click A file, Properties, Advanced, click details, add, select B user certificate, OK. At this time, once the B user logs in, the B user will also be able to open the A file encrypted by the A user, and vice versa.

Now let's talk about how to set up the recovery agent:

To use other users as recovery agents. If you want to use A user as the recovery agent, you must first log in with administrator, export the Administrator user's certificate, then log in with A user, and put the adminsitrator user certificate into the group policy under A user login. Once the import is successful, A user will become the EFS encryption recovery agent. At this point, user A will be able to open any file encrypted by the user.

At this point, I believe you have a deeper understanding of "how to use EFS to encrypt windows files". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.