Encrypting Files & Folders with Microsoft Windows EFS

There may be broken links in this article, the GROK staff has been notified and is working to resolve the issue.

Related Article

Precautions, Warnings & Notes

Microsoft Windows Encrypting File System (EFS) is a feature in Windows that stores files in an encrypted format on the hard drive. EFS is available on Professional, Enterprise, and Ultimate editions of Windows 7, and on Professional and Enterprise editions of Windows 8/8.1.


  • Warning: If the user does not have an EFS certificate from Active Directory, Windows will automatically generate one. This certificate should be backed up to prevent data loss.
  • Warning: Moving or copying EFS encrypted files or folders to a device that does not support EFS will result in data being decrypted, transferred, then stored unencrypted at the destination device.
  • Warning: Viruses and malware running as the currently logged in user will still have access to the encrypted files and folders.
  • Warning: The EFS encryption key is tied to a particular user. Anyone who possesses the credentials of that user will be able to log into a system and view the contents of the encrypted files.


  • Note: EFS only works with drives or partitions formatted in NTFS.
  • Note: In addition to the operating system partition, EFS only works on locally attached devices, such as NTFS formatted external hard drives or USB thumb drives. EFS does not work remote file shares such as those on file servers or on Network Attached Storage (NAS).
  • Note: If EFS is enabled for a folder, anything moved into that folder will be automatically encrypted.
  • Note: When encrypting a file and the parent folder is not encrypted, Windows will ask if the user wants to enable EFS for the parent folder as well.
  • Note: If a user does not have the correct certificate to decrypt EFS encrypted files, he/she will still be able to open EFS folder and see the file names but will not be able to open the files.

Enable EFS on a File or Folder

1. Right-click on the folder or file that you want to protect with EFS, and click Properties.

Right-Click on folder and choose Properties in the drop-down menu

2. In the Properties window, click the Advanced... button:

advanced button at the lower right of Properties

3. In the Advanced Attributes window, Check the box "Encrypt contents to secure data" and Click OK at the bottom right.

Advanced Attributes settings

4. Click the Apply button in the Properties window, then click OK to close the Properties windows.

  • The names of encrypted files and folders are displayed in green in Windows Explorer.
11/26/2018 1:50:33 PM