Page 875 - Windows 10 May 2019 Update The Missing Manual: The Book That Should Have Been in the Box
P. 875
(actually partitions of the same disk), which you can use for different
purposes.
Encrypting Files and Folders
If your Documents folder contains nothing but laundry lists and letters to
your mom, then data security is probably not a major concern for you. But
if there’s some stuff on your hard drive that you’d rather keep private,
Windows can help you out. The Encrypting File System (EFS) is an NTFS
feature, available in the Pro and Enterprise versions of Windows, that stores
your data in a coded format that only you can read.
The beauty of EFS is that it’s effortless and invisible to you, the authorized
owner. Windows automatically encrypts your files before storing them on
the drive, and decrypts them again when you want to read or modify them.
Anyone else who signs into your computer, however, will find these files
locked and off-limits.
If you’ve read ahead to Chapter 18, of course, you might be frowning in
confusion. Isn’t keeping private files private the whole point of Windows’
accounts feature? Don’t Windows’ NTFS permissions keep busybodies out
already?
Yes, but encryption provides additional security. If, for example, you’re a
top-level agent assigned to protect your government’s most closely guarded
egg salad recipe, you can use NTFS permissions to deny all other people
access to the file containing the information. Nobody but you can open the
file.
However, a determined intruder could conceivably boot the computer using
another operating system—one that doesn’t recognize the NTFS
permissions—and access the hard drive using a special program that reads
the raw data stored there. But if you had encrypted the file using EFS, that
raw data would appear as gibberish, foiling your crafty nemesis.
Using EFS
