How to Encrypt Data Using EFS in Windows 2000

ID: Q230520


The information in this article applies to:
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server


SUMMARY

This article describes how to encrypt data using the Encrypting File System (EFS) in Windows 2000.


MORE INFORMATION

The Encrypting File System (EFS) is the file encryption technology Microsoft uses to encrypt data directly on volumes that use the NTFS file system. You can use the encrypted data the same way you use non-encrypted data. In addition, you can configure permissions for your encrypted data to prevent unauthorized use. Someone who does not have the correct permissions receives an Access Denied error message if they try to open, copy, move, or rename an encrypted file or folder.

To encrypt data, follow these steps:

  1. Right-click the Start button, click Explore, and then browse to the file or folder you want to encrypt.


  2. Right-click the file or folder you want, and then click Properties.


  3. Click Advanced, click to select the Encrypt Contents To Secure Data check box, and then click OK.


  4. Repeat steps 2-3 for each file or folder you want to encrypt.


NOTE: If you encrypt a folder, all the files and folders contained within the folder are encrypted.

You can use the Cipher.exe tool to display or encrypt data at an MS-DOS prompt. To encrypt a file using the Cipher.exe tool, type a command similar to the following line at the MS-DOS prompt:

  cipher [/E | /D] [/S:dir] [/I] [/F] [/Q] [dirname [...]]

The command-line switches are defined in the following table. To view this information at the MS-DOS prompt, type cipher /?.

  Switch    Description
  -------   -----------
  /E        Encrypts the specified directories. Directories will be marked so that files added afterward will be encrypted.
  /D        Decrypts the specified directories. Directories will be marked so that files added afterward will not be encrypted.
  /S        Performs the specified operation on directories in the given directory and all subdirectories.
  /I        Continues performing the specified operation even after errors have occurred. By default, CIPHER stops when an error is encountered.
  /F        Forces the encryption operation on all specified directories, even those which are already encrypted. Already-encrypted directories are skipped by default.
  /Q        Reports only the most essential information.
  dirname   Specifies a pattern, or directory.


Used without parameters, CIPHER displays the encryption state of the current directory and any files it contains. You may use multiple directory names and wildcards. You must put spaces between multiple parameters.

NOTE: EFS does not work on files that use the System attribute. Your computer could become unusable if you encrypt Windows system files. Also, note that EFS cannot be used on compressed files or folders. There are additional switches available with the command-line utility Cipher.exe. To view them, use the cipher /? command.
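
The following batch file is an added example, not part of the original article. It applies the syntax above to one directory tree and then displays the resulting encryption state. The path in TARGET is a hypothetical data directory on an NTFS volume.

```batch
@echo off
rem Added example, not part of the original article.
rem TARGET is a hypothetical data directory on an NTFS volume; change it to suit.
setlocal
set TARGET=C:\Data\Private

rem Stop if the directory does not exist.
if not exist "%TARGET%\" (
    echo Directory %TARGET% not found.
    exit /b 1
)

rem Do not point TARGET at the Windows directory or at files that use the
rem System attribute; the article warns that the computer could become unusable.
rem EFS also cannot be used on compressed files or folders.

rem /E       mark the directories so that files added afterward are encrypted
rem /S:dir   apply the operation to TARGET and all of its subdirectories
rem /I       continue after an error instead of stopping at the first one
rem /Q       report only the most essential information
cipher /E /S:%TARGET% /I /Q

rem Used without parameters, CIPHER displays the encryption state of the
rem current directory and any files it contains, so change to TARGET first.
pushd %TARGET%
cipher
popd

endlocal
```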

Additional query words: compression

Keywords : kbenv kbtool
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbinfo


Last Reviewed: January 11, 2000
© 2000 Microsoft Corporation. All rights reserved.