From the course: Securing Windows Server 2019

Implementing EFS - Windows Server Tutorial

From the course: Securing Windows Server 2019

Start my 1-month free trial

Implementing EFS

- [Instructor] To implement EFS in a Windows environment is actually quite simple. And to demonstrate it, here I'm on a Windows Server computer, and we are just simply in File Explorer, and I want to tell you, this is pretty much just a newly-installed copy of Windows Server and nothing's been done to the machine except for one thing. And that one thing is is that I have created a folder on my C drive here called EFS, okay, very simple. Now in order to actually make the files encrypted within this EFS folder using EFS, all you have to do is go to the properties of the folder by right-clicking and selecting Properties, and then right on the General tab, click the Advanced button. Here in the Advanced window down near the bottom, you'll see there's a section here that says Compress Or Encrypt Attributes. And there's a checkbox for compressing contents to save disk space or to encrypt contents to secure data. And that's what we want, we want to encrypt content to secure the data, and then click OK, and OK once again, and ta-da, everything that gets saved into this folder will now be encrypted using EFS. But you might be thinking wow, that was a whole lot of nothing, and how do I know? Well, first of all, there is something that used to be a default setting and then Microsoft got rid of it. And that is that you should use some form of color-coding to make sure that you know that this folder is going to be encrypted. And the way we do that is by going up to the View menu, and then selecting under Options, Change Folder and Search Options. And then go to the View tab, scroll down just a little bit, and you'll see there's an option here for Show Encrypted or Compressed NTFS Files in Color. So I'm going to check that box, click OK, and ta-da, now my EFS folder is in green. Okay and that tells me that these files are going to be encrypted. Now if I go into the folder and I go ahead and create a text document, right? Just any text documents, so we'll just say Sample EFS File. Didn't have to do anything to it, just because it's inside the folder that I established as being EFS-encrypted, it's encrypted. Now I'm going to go into the properties of this file and show you again in the Advanced window here, again, the box is already checked, Encrypt Contents to Secure Data. But there is also this Details button here, and the Details button is where we would go in and add additional users, okay? So when I click on Details, well you'll notice that Administrator is already listed, and that's 'cause I'm logged in as the administrator, but if I wanted to add any additional users, I would just click the Add button and add another user. Now I cannot demonstrate this for you because like I said, this is just a newly-installed machine, I haven't created any extra users, but if I did, I would go ahead and add them here. And as I add individual users, then we go ahead and what the system will do is it'll create that extra data decryption field using that user's public key to secure. Alright, now there is only one more thing that I do want to point out, it's not necessarily specifically related to using EFS, but it's important to know. If you also happen to have an interest in using compression, you need to know that you cannot compress and encrypt, alright? So even though it looks like check boxes, which means you should be able to select anything, they should've done basically radio buttons because if I click on Compress, you'll see here that Encryption goes away. And if I click on Encrypt, then Compression goes away, alright? So I only point that out because if you are on a folder that's already compressed, well then you will not be able to also encrypt it. Alright, so that is how EFS is implemented in Windows.

Contents