

The goal of this lab is to help you work with Windows file and folder encryption. File and
folder encryption is one method you can use when you want to secure important and private
data. In this lab, you learn how to encrypt a folder and how to back up your encryption key.
You also learn what happens when someone tries to use an encrypted file without permission
and how to move encrypted files from one storage device to another and from one computer
to another. After completing this lab, you will be able to:

Encrypt a folder
Save files to the encrypted folder
Back up the encryption certificate key
Attempt to access the encrypted files as a different user
Observe what happens when you move or copy an encrypted file or folder to another

This lab requires the following:
Windows 7 operating system, Professional, Ultimate, or Enterprise edition

Before the lab begins, the instructor or lab assistant needs to do the following: Verify
that Windows starts with no errors

Despite your best efforts to set secured permissions to files and folders, unauthorized users
might still gain access to sensitive files. To decrease the possibility of this type of security
breach, you can use file encryption, which prevents unauthorized users from being able to
view files, even if they do manage to gain access to them. The EFS (Encrypting File System)
is a Windows feature that allows a user to store information on his or her hard drive in an
encrypted format. (EFS is not available in Home editions of Windows.)
You can encrypt individual files or entire folders. Encryption is the strongest protection
that the operating system offers to keep your information secure. The EFS is available
on hard drives that are set up as NTFS drives. In this lab, you create and encrypt a folder
and its contents. Then, you test the encryption and back up the encryption certificate
key. Finally, you learn how to decrypt a file and move an encrypted file to another
Follow these steps to prepare your system for this lab:
1. Log on as an administrator.
2. Use Control Panel to create a new standard user account. Assign a password to the
account. List below the name and password of the new account:

3. In Windows Explorer, open the Documents library.

4. Create two folders in the Documents library named Normal Test and Encrypted Test.
5. Open WordPad in the Accessories group and use it to create a document in each test
folder. Name each document TestFile.
6. Verify that in the Documents Library you now have two folders and a file in each folder.
Now that you have the system prepared, let's work with the Encrypting File System. Follow these steps:
1. In the Documents library, right-click the Encrypted Test folder and select Properties from
the shortcut menu.
2. On the General tab of the Properties box, click Advanced.
3. The Advanced Attributes box appears. Check Encrypt contents to secure data and click
4. Click OK to close the Encrypted Test Properties box.
5. A Confirm Attribute Changes box appears. This box indicates the attribute encrypt has
been chosen and asks how you want to apply this attribute. Select Apply changes to this
folder, subfolders and files. Click OK to close the dialog box. A taskbar bubble might
appear reminding you to back up your file encryption certificate and key.
When you start encrypting information, it is important to back up your encryption certificate. This is your
key that unlocks the data. If you lose this key or the key is damaged and you didn't make a backup, the
encrypted information can forever remain locked.
Follow these steps to create a backup of the encryption certificate:
1. Click Start, enter certmgr.msc in the Search box, and press Enter. The certmgr window
opens (see the left side of Figure 18-6).
Source: Microsoft Windows 7

Figure 18-6 Use the certmgr window to back up encryption keys

2. In the left pane, drill down to Personal, Certificates. In the right pane, select the
certificate that shows Encrypting File System in the Intended Purposes column, as shown
in Figure 18-6. If more than one certificate is listed, select them all.
3. In the menu bar, click Action, All Tasks, Export. The Certificate Export Wizard appears as
shown on the right side of Figure 18-6. Click Next.
4. Select Yes, export the private key, and click Next.
5. Select Personal Information Exchange for the file format, and click Next. The backup of
the key will be saved in a .pfx file.
6. Create a password for your key. Click Next. Write the password below:

7. Click Browse. Navigate to where you want to save the file, name the file Encryption Key
Backup, and click Save. What is the exact path and name of the file, including the file

8. To complete the process, click Next, Finish, and OK.
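
A backup is only useful if it can be opened and really contains the private key. The following PowerShell script is an added example, not part of the original lab: it lists the same Encrypting File System certificates that step 2 selects in certmgr, then opens the exported .pfx file to check it. The backup location in $BackupPath is an assumption; use the path you wrote down in step 7.

```powershell
# Added example, not part of the lab. $BackupPath is an assumed location;
# replace it with the path you chose when saving Encryption Key Backup.
$BackupPath = Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'Encryption Key Backup.pfx'
$EfsOid     = '1.3.6.1.4.1.311.10.3.4'   # "Encrypting File System" enhanced key usage

# True when the certificate lists Encrypting File System as an intended purpose.
function Test-EfsCertificate {
    param($Certificate)
    foreach ($ext in $Certificate.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) {
                if ($oid.Value -eq $EfsOid) { return $true }
            }
        }
    }
    return $false
}

# The certificates certmgr shows under Personal, Certificates for EFS.
$efsCerts = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object { Test-EfsCertificate $_ })
$efsCerts | Format-Table Thumbprint, NotAfter, HasPrivateKey, Subject -AutoSize

if (Test-Path -LiteralPath $BackupPath) {
    # Open the .pfx with the export password. This only reads the file;
    # nothing is added to the certificate store. A wrong password throws.
    $password = Read-Host -AsSecureString 'Password for the .pfx backup'
    $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($BackupPath, $password)

    $inStore = @($efsCerts | Where-Object { $_.Thumbprint -eq $pfx.Thumbprint }).Count -gt 0
    New-Object PSObject -Property @{
        BackupFile       = $BackupPath
        Thumbprint       = $pfx.Thumbprint
        HasPrivateKey    = $pfx.HasPrivateKey      # must be True for a usable backup
        MatchesStoreCert = $inStore                # backup belongs to a current EFS certificate
    }
} else {
    Write-Warning "No backup found at $BackupPath"
}
```
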

Now that you have encrypted the folders and backed up the encryption key, let's investigate how an
encrypted folder works. Follow these steps:
1. In Windows Explorer, in the Documents library, what is the new color of the Encrypted
Test folder name? What is the color of the filename in this folder?
Notes If the folder is not shown in a different color, you can fix that setting. To do so, click Organize in
the window toolbar, and click Folder and search options. In the Folder Options box, click the
View tab (see Figure 18-7), and check Show encrypted or compressed NTFS files in color.
Click OK.


Figure 18-7 Change the way folders and files appear in Windows Explorer

2. Verify the file in the Encrypted Test folder is encrypted. How did you verify encryption is applied?

3. Copy both the Normal Test folder and Encrypted Test folder to the root of drive C. Are the contents of
the Encrypted Test folder in the root of drive C encrypted? How do you know?

4. Copy the Normal Test folder and the Encrypted Test folder to a USB flash drive. Are the contents of the
Encrypted Test folder on the USB flash drive encrypted? How do you know?

5. Log off, and then log on using the standard user account you created earlier in this lab.
6. Open Windows Explorer and locate the Normal Test folder in the root of drive C. Describe what
happens when you double-click the file in the Normal Test folder:
7. Locate the Encrypted Test folder in the root of drive C. Describe what happens when you double-click
the file in the Encrypted Test folder:

8. Log off, and then log on using your administrator account.

9. Upon reaching the desktop, return to the encrypted folder in the Documents library.
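
The checks in steps 2 through 4 can also be made from PowerShell instead of relying on the folder color. The following script is an added example, not part of the original lab: for each copy of the two test folders it reports the file system of the volume and whether the NTFS Encrypted attribute is set on the folder and its files. The drive letter E: for the USB flash drive is an assumption.

```powershell
# Added example, not part of the lab. E:\ is an assumed USB drive letter.
$docs  = [Environment]::GetFolderPath('MyDocuments')
$paths = @(
    (Join-Path $docs 'Encrypted Test'),
    (Join-Path $docs 'Normal Test'),
    'C:\Encrypted Test', 'C:\Normal Test',
    'E:\Encrypted Test', 'E:\Normal Test'
)

function Get-EfsState {
    param([string[]]$Path)
    $encryptedFlag = [int][System.IO.FileAttributes]::Encrypted
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Warning "Not found, skipped: $p"
            continue
        }
        # EFS depends on the volume's file system, so report it for each copy.
        $root   = [System.IO.Path]::GetPathRoot($p)
        $format = (New-Object System.IO.DriveInfo($root)).DriveFormat

        # The folder itself plus everything below it.
        $items = @(Get-Item -LiteralPath $p -Force) +
                 @(Get-ChildItem -LiteralPath $p -Recurse -Force)
        foreach ($item in $items) {
            New-Object PSObject -Property @{
                Path       = $item.FullName
                FileSystem = $format
                Encrypted  = (([int]$item.Attributes -band $encryptedFlag) -ne 0)
            }
        }
    }
}

Get-EfsState -Path $paths | Format-Table Encrypted, FileSystem, Path -AutoSize
```

Run it once under the administrator account and once under the standard user account to compare what each sees. For a single file, cipher /c followed by the file path additionally shows which users are able to decrypt it.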
Let's assume you have moved your files to another computer that supports the Encrypting File System.
When you do so, the files are still encrypted. However, you will not be able to use them unless you use your
private key to access the files. You must import the private key to the new computer. Follow these steps to
see how the process works:
1. To import or install your private key on a computer, you must use the Certificate Import
Wizard. To launch it, double-click the Encryption Key Backup file you created earlier.
The Certificate Import Wizard opens. Click Next two times.
2. Enter the password you created to the private key file and click Next. On the Certificate
Store box, click Next. Click Finish. The wizard reports the import was successful. Click
OK. Now that your private key is installed, you can use the encrypted files and folders
you have moved to this computer.
There are times you may need to decrypt a folder or file to return it to unrestricted use. Follow these steps:
1. In the Documents library, right-click the Encrypted Test folder that you made earlier.
Click Properties. On the General tab, click Advanced.
2. In the Advanced Attributes box, uncheck Encrypt contents to secure data. Click OK.
Click OK again.
3. To confirm the attribute change, click OK. Verify the file in the Encrypted Test folder is
no longer encrypted. Explain how you know the file is no longer encrypted:

1. Which file system must be used to enable encryption?
Answer: NTFS (New Technology File System).

2. What is necessary so that a USB flash drive can be used to hold encrypted files and
folders? Answer: No, it was not necessary but it can be used as a second backup.

3. When you move an encrypted file from one computer to a second computer, what must
you do first before you can open the encrypted file on the second computer?

Answer: File must be decrypted with decryption key.

4. What happens to encryption when you move an encrypted file to a Windows 7 Home
Premium computer? Explain your answer:
Answer: File will be inaccessible because the main data is in the original host.

5. What file extension is used for an exported certificate backup file? Answer: The file
extension used is .PFX

6. Why is it necessary to back up or export your encryption certificate key? Answer: It is
necessary to back up or export to ensure decryption when necessary

7. Why is encryption available in the NTFS file system and not in the FAT32 file system?
Answer: Because NTFS is a new system for encryption and more secured than FAT32