This article describes how to use the Windows XP Encrypting File System (EFS) feature to store files in an encrypted format on your hard disk.
Encryption is the process of converting data into a format that cannot be read by others. You can use EFS to automatically encrypt your data when it is stored on the hard disk.
The EFS feature is not included in Microsoft Windows XP Home Edition.
How to Encrypt a File
You can encrypt files only on volumes that are formatted with the NTFS file system. To encrypt a file:
- Click Start, point to All Programs, point to
Accessories, and then click Windows Explorer.
- Locate the file that you want, right-click the file, and then click
- On the General tab, click Advanced.
- Under Compress or Encrypt attributes, select the
Encrypt contents to secure data check box, and then
- Click OK. If the file is located in an unencrypted folder, you
receive an Encryption Warning dialog box. Use one of the
- If you want to encrypt only the file, click Encrypt the file only, and then click OK.
- If you want to encrypt the file and the folder in which it is
located, click Encrypt the file and the parent
folder, and then click OK.
If another user attempts to open an encrypted file, that user is unable to do so. For example, if another user attempts to open an encrypted Microsoft Word document, that user receives a message similar to:
Word cannot open the document: username does not have access privileges
If another user attempts to copy or move an encrypted document to another location on the hard disk, the following message appears:
Error Copying File or Folder
Cannot copy filename: Access is denied.
Make sure the disk is not full or write-protected and that the file is not currently in use.
- You cannot encrypt files or folders on a volume that uses the FAT
You must store the files or folders that you want to encrypt on NTFS
- You cannot store encrypted files or folders on a remote server
that is not trusted for delegation.
To resolve this issue, configure the remote server as being trusted
for delegation. To do this:
- Log on to a domain controller with an account with
- Start the Active Directory Users and Computers snap-in.
- In the left pane, expand the domain container. Locate the
server you want, right-click it, and then click Properties.
- On the General tab, select the Trust
computer for delegation check box (if it is not already
selected). Click OK to respond to the "Active Directory"
message that appears.
- Click OK, and then quit Active Directory Users and
- You cannot gain access to encrypted files from Macintosh client
- You cannot open documents that were stored by others in an
encrypted folder that you created.
If another user creates a document in an encrypted folder, that
document is encrypted allowing (by default) only that user to gain
access. Because of this, a folder that you encrypt may contain files
that you are unable to open. If you require access to these files,
request that your user account be added to the list of users with
whom the encrypted files are shared.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
Best practices for Encrypting File System
For more information about how to use file encryption in Windows XP, click the following article numbers to view the articles in the Microsoft Knowledge Base:
How To Encrypt a Folder
How to remove file or folder encryption in Windows XP