This article describes how to encrypt a folder by using Encrypting File System (EFS).
Encryption is the process of converting data into a format that cannot be read by others. You can use EFS in Windows XP to automatically encrypt your data when it is stored on the hard disk.
The EFS feature is not included in Microsoft Windows XP Home Edition.
How to Encrypt a FolderNOTE
: You can encrypt files and folders only on volumes that use the NTFS file system.
- Click Start, point to All Programs, point to Accessories, and then click Windows Explorer.
- Locate and right-click the folder that you want, and then click Properties.
- On the General tab, click Advanced.
- Under Compress or Encrypt attributes, select the Encrypt contents to secure data check box, and then click OK.
- Click OK.
- In the Confirm Attribute Changes dialog box that appears, use one of the following steps:
- If you want to encrypt only the folder, click Apply changes to this folder only, and then click OK.
- If you want to encrypt the existing folder contents along with the folder, click Apply changes to this folder, subfolders and files, and then click OK.
The folder becomes an encrypted folder. New files that you create in this folder are automatically encrypted. Note that this does not prevent others from viewing the contents of the folder. This prevents others from opening items in the encrypted folder. For example, if another user attempts to open a Microsoft Word document that has been created in the encrypted folder, the following message appears:
Word cannot open the document: Username does not have access privileges
If another user attempts to copy or move a document from the encrypted folder to another location on the hard disk, the following message appears:
Error Copying File or Folder
Cannot copy Filename: Access is denied.
Make sure the disk is not full or write-protected
and that the file is not currently in use.
- You cannot encrypt files or folders on a volume that uses the FAT file system.
To resolve this issue, store the files or folders that you want to encrypt on NTFS volumes.
- You cannot store encrypted files or folders on a remote server that is not "trusted for delegation."
To resolve this issue, configure the remote server as being trusted for delegation. To do this, use the following steps.
NOTE: You must have administrator privileges to do this.
- Log on to a domain controller.
- Start the Active Directory Users and Computers snap-in.
- In the console tree, expand the domain container. Locate and right-click the server that you want, and then click Properties.
- On the General tab, select the Trust computer for delegation check box (if it is not already selected). Click OK to respond to the "Active Directory" message that appears.
- Click OK, and then quit Active Directory Users and Computers.
- You cannot gain access to encrypted files from Macintosh clients.
- You cannot open documents that are stored by others in an encrypted folder that you create.
When another user creates a document in an encrypted folder, that document is encrypted, allowing (by default) only that user to gain access. Because of this, a folder that you encrypt may later contain files that you are unable to open. If you require access to these files, request that your user account be added to the list of users with whom the encrypted files are shared.
For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
Best practices for Encrypting File System
How to encrypt a file in Windows XP
How to remove file or folder encryption in Windows XP