NTFS is a high-end file system that provides security, reliability supported by Winnt. For example: NTFS guarantee the consistency of volume by using standard transaction record and restore technology, if the system fails, NTFS will use log files and checkpoint information to recover the consistency of the file system. In Win2000 and WinXP, NTFS can also provide advanced features such as file and folder permissions, encryption, disk quotas, and compression.
Why do we want to make a file encryption method? We can explain its necessity from two aspects (provided must be your partition file format NTFS format):
1. From the system security perspective, you need to set user access to the protected file or folder object, and NTFS file encryption can effectively protect data. 2. The file encryption is also necessary from the personal privacy consideration.
First, encrypted files or folders
Step 1: Open the Windows Explorer. Step 2: Right-click on the file or folder you want to encrypted, and then click Properties. Step 3: On the General tab, click Advanced. Check "Encrypted Content to Protection Data" check box (Figure 1). Pay attention to the following five points during the encryption process: 1. To open "Windows Explorer", click Start → Programs → Accessories, and then click Windows Explorer. 2. You can only encrypt the files and folders on the NTFS partition volume, the files and folders on the FAT partition volume are invalid. 3. The compressed file or folder can also be encrypted. If you want to encrypt a compressed file or folder, the file or folder will be decompressed. 4. Files that cannot be encrypted as "system" attributes, and files in the SystemRoot directory structure cannot be encrypted. 5. When encrypted folders, the system will ask if it is necessary to encrypt its subfolder at the same time. If the selection is, it will be encrypted, and all files and subfolders in the folder will be automatically encrypted when adding.
Second, decrypt file or folder
Step 1: Open the Windows Explorer. Step 2: Right-click Encrypted Files or Folders and click Properties. Step 3: On the General tab, click Advanced. Step 4: Clear the "Encrypted Content to Protection Data" checkbox.
Similarly, we pay attention to the following issues during the decryption process: 1. To open "Windows Explorer", click Start → Programs → Accessories, and then click Windows Explorer. 2. When it is solved with the folder, the system will ask if all files and subfoldes within the folder are designed to be constructed. If you select only a Decipse folder, the encrypted file and subfolders in the decryption folder remain encrypted. However, new files and folders created in the decrypted folder will not be automatically encrypted.
The above is the use of file plus, decryption methods! We may encounter some problems in the process of use, which will be described below: 1. Advanced buttons cannot be used: Encrypted file system "EFS" can only handle "NTFS" Files and folders on the file system volume. If you try to encrypt file or folder on the FAT or FAT32 volume, the advanced button does not appear in the properties of the file or folder. Solution: Convert volumes into NTFS volumes with conversion utilities. Open the command prompt. Type: Convert Drive / FS NTFS (Drive is the drive letter of the target drive)
2. When the encrypted file is turned on, the "Reject Access" message is displayed: Encrypted File System "EFS" is encrypted with the public key certificate, and the private key associated with the certificate is not available on this computer. Solution: Find the right key to the appropriate certificate and use the certificate management unit to import the private key into the computer and use it on this unit.
3. Users based on NTFS on file encryption, reloading system encrypted files that cannot be accessed (Note: Before reloading WIN2000 / XP): Back up the encrypted user's certificate): Step 1: Log in to the computer with encryption user. Step 2: Click Start → Run, type "MMC", and then click OK. Step 3: On the Console menu, click Add / Delete Administration Unit (Figure 2), and then click Add (Figure 3). Step 4: Under Separate Management Unit, click Certificate, and then click Add (Figure 4). Step 5: Click "My User Account", then click "Finish" (Figure 5, if you encrypt users are not administrators, this window will not appear, directly to the next step). Step 6: Click Close, and then click OK. Step 7: Double-click "Certificate - Current User", double-click "Personal", then double-click "Certificate". Step 8: Click the certificate that displays the "Encrypted File" in the "Expected Destination" column. (If you are 2003, the appearance is a certificate of an administrator name (Figure 6)) Step Nine: Right-click the certificate, point to All Tasks, and then click Export. Step 10: According to the instructions of the certificate export guide, the certificate and related private key are exported in PFX file format (note: "Export private key" mode is recommended, so that the certificate is guaranteed to protect the certificate to prevent others. In addition, certificates Can only be saved to your directory with read and write permissions). 4. Save a certificate to pay attention to save the PFX file. After reinstalling the system after reinstalling this certificate file, you can access this private certificate to access the NTFS system's original user encrypted folder (Note: Encryption on the NTFS partition backed up by backing up recovery) Folders cannot be restored to non-NTFS partitions).
Finally, you must also implement the following purposes: (1) Permissions to different users access the encrypted folder will be exported by the "export private key" mode, send the certificate to this folder. Other users of this unit. Then log in to him, import the certificate, and achieve access to this folder. (2) Recipure the encrypted folder backup with the "Backup Recovery" program on the previous encryption folder backup of the "Backup Recovery" program, and then copy the generated backup.bkf together with this certificate. To another WinXP machine, use the "Backup Recovery" program to recover it (note: can only be restored to the NTFS partition). Then import the certificate to access the recovered file.
Click the "Start → Run" command, enter "Certmgr.msc" after the Open Run dialog box, press Enter to turn on the certificate manager. Under the "Current User → Personal → Certificate" branch, we can see a certificate named named your username (if you have not encrypted any data on the NTFS partition, this is not a certificate). Right-click this certificate and select "Export" command under All Tasks. The system opens the certificate export wizard, then click Next to ask the wizard to ask if you export the private key, select "Export Problem", and other options reserve the default setting, and finally enter the user's password and Want to save the path and confirm that the export work is complete. The derived certificate is a file that is suffixed by PFX.
1. Change the file encrypted folder color
Q: I used the Windows XP system. After encryption of the files in the NTFS format, the color of the folder turned light green. I would like to ask if I don't want it to present other colors, as long as I have a yellow, I will appear yellow. How can I recover? Yes, if I want to change its color, don't you do? A: If you don't want the encrypted file to present other colors, you can select "Tools → Folder Items → View" in my computer, cancel the "NTFS file" in color display encryption and compression "check box. If you want to change the file color, you can find "HKEY_CURRENT_USER / SOFTWARE / Microsoft / Windows / CurrentVersion / Explorer" in the registry, then create a binary value "AltenCryptionColor", change its RGB mode, enter the color data directly, reboot After that.
2. Do not let other users see the encrypted folder
Q: Can I not let other users can see by file encrypted file clamping, only I am visible?
A: If you want other users can't see your files at all, you can set the folder to private, specifying other users to limit users. In addition, in the file properties window you can also set whether other users can allow the folder to be used, whether to modify deletion, NTFS file encryption is still very good, please rest assured.
3. Cannot access the encrypted folder
Q: My computer sets a number of users, and sets the user access password for the corresponding folder. I accidentally delete one of the password users. Now the user doesn't access it, how to Do it?
A: This problem is more headache, see this can solve: First log in as Administrator, remove "Use Simple File Sharing" in the "View → Advanced Settings" list in the folder option, then switch to the file lost user The clip, open its property window, can see any of the users who have not allowed access under the "Security" option, click the Advanced button to enter the Advanced Settings interface. Switch to the "Owner" option, where you have your user list, select it, select the "Add Permissions and Owner" checkbox, click Apply to add settings, this You can see your name in the Permissions tab, so you can access the file.
4. Back up the certificate decryption file for the encrypted file
Q: I often listen to someone who said that the certificate of the backup of the encrypted file is very important. Is I backup it to other partitions, or other places, or use it as usual?
A: When ensuring that the certificate decryption file is not damaged, it is no problem, even you reinstall the system or change the user. As long as the certificate decryption file is not problematic, you can decrypt the file.
5. Will the electronic certificate safe?
Q: We often see the electronic certificate, just get it, you can use and modify it, if I have a very important file, then others can use the certificate file to access, is it very unsufer?
A: This big must not worry, when the certificate decryption file is derived, you can choose the password protection when you keep confidential, or if you have no password, if your worries are not worried? The certificate file is very important. It is recommended that everyone should keep it in a safe place.
