This action might not be possible to undo. Are you sure you want to continue?
By Scott Dunn and Scott Spanbauer, PC World
1 | 2 | Next > There's only one way to keep your files truly confidential: Encrypt them. The Encrypting File System (EFS) in most versions of Windows Vista, XP, and 2000 scrambles the contents of files and folders, making it very difficult for snoops to read them. It's easy to make encryption a part of your security arsenal. Get ready to encrypt: EFS is in Windows Vista Business, Enterprise, and Ultimate; XP Pro; and Windows 2000. XP Home lacks EFS, and Vista Starter, Home Basic, and Home Premium allow only decryption--so you can read encrypted files but not encrypt them. To use EFS on a partition, that partition must be formatted using the NTFS file system. Not using NTFS? The switch is easy. See "Go With the NTFS Flow" (the same steps work in Vista). Also, encryption requires that you use a password-protected account. _________________________________________________ Sound Off: How do you keep your files secure? _________________________________________________ Stow your files: To encrypt a file or folder, right-click it in Explorer or any folder window and choose Properties (you can also right-click a group selection to encrypt several files or folders at once). In the General tab, click Advanced, check Encrypt contents to secure data, and click OK twice. If you're encrypting a folder, you'll be asked if you want to encrypt its files and subfolders, as well. Once encrypted, the files or folders will work like any others on your system; you don't have to use any special passwords to open or save them. Other user accounts on the PC, and other PCs on the network, can't view the file contents. Only someone who is logged in to your account with your password can access these files. Streamline the steps: You can shorten the process by adding an Encrypt command to your right-click context menu (the command switches to Decrypt when you right-click encrypted files). You can do this in XP with a quick Registry edit, but you might find it easier and safer to use Tweak UI, a free PowerToy from Microsoft. If you already have Tweak UI on your system, you may need to upgrade to a more recent version. Once Tweak UI is downloaded, installed, and running, select Explorer in the left pane, scroll through the options on the right, and check Show "Encrypt" on context menu. Click OK. Now when you right-click an unencrypted file, you'll see a new command: Encrypt (or Decrypt if you've selected an encrypted item). Choose that option, and respond to any prompts. As of this writing, Tweak UI was incompatible with Windows Vista. However, Totalidea Software's free TweakVI Basic utility allows you to tweak many Vista settings, letting you add the Encrypt/Decrypt commands to the context menu. Make Encrypted Files Stand Out To see at a glance which files or folders on your system are encrypted (or which use NTFS compression, for that matter), open Explorer and choose Tools, Folder Options. Click the View tab, and in the Advanced Settings box, make sure that Show encrypted or compressed NTFS files in color is checked. Encrypted items are green, compressed ones blue. On the other hand, if you don't want others to see which files are encrypted or compressed, uncheck this option. Click OK. XP Pro and Vista users need this tip only if they want to disable the display of encrypted and compressed files in color, which the OSes do by default. To open the Folder Options dialog in Vista's Explorer window, click Organize, Folder and Search Options. Give others permission: To give people who are using your system access to encrypted files, you can specify the individuals by their user name. First, right-click a single encrypted file (not a folder or multiple files, unfortunately), and choose Properties. In the General tab, click Advanced, and next to 'Encrypt contents to secure data', choose Details. In the middle of that dialog box, click Add to open the Select User dialog, which lists others who have a certificate (a digital
document that helps confirm authenticity) on your system. Users can acquire certificates in various ways, but one of the simplest is by encrypting one of their own documents. (For more about certificates, choose Start, Help and Support, type certificates overview, then press <Enter>.) Select a trusted user and click OK. Note that the Find User button in the Select User dialog box won't work unless your network uses Active Directory, a Windows service in which administrators can store and make available information on network objects. Disable, don't delete: Because encrypted files are associated with user profiles, deleting profiles prevents those people from accessing their encrypted files. For example, if an employee named Scott goes on leave but may return, disable rather than delete Scott's profile: In XP, choose Start, Run, type lusrmgr.msc, and press <Enter>. In Vista, click Start and enter the same command in the Start Search field. Click the Users folder icon in the left pane and double-click Scott's profile in the right pane. In the General tab, check Account is disabled and click OK; when Scott resumes working, uncheck this box. A Free EFS Alternative You might need a stronger level of protection than EFS offers. Download the free True-Crypt encryption utility; also see "Get a Cloak of Invisibility With Free Hide Folders" below for another encryption alternative. Lock it all up in Vista's BitLocker: Encrypting your entire hard disk makes it harder for malware to infect Vista's system files, while also making it tougher for snoops to decrypt your files. The BitLocker feature in the Ultimate and Enterprise versions of Vista encrypts the entire partition that the OS is installed on, and stores the encryption key in your PC's Trusted Platform Module chip, or on a USB flash drive. Since USB drives have become ubiquitous, and since most of us lack systems with a TPM chip, the flash drive option is the most attractive. Unfortunately it's disabled by default. To enable this option, click Start, enter gpedit.msc in the Start Search field, and press <Enter> to launch Vista's Group Policy Object Editor. In the left pane, navigate to and select Computer Configuration, Administrative Templates, Windows Components, BitLocker Drive Encryption, and double-click Control Panel Setup: Enable advanced startup options. Next, select Enabled, check Allow BitLocker without a compatible TPM, and click OK. Exit the editor. Now whenever you launch the BitLocker Drive Encryption applet in Control Panel, it won't complain about the missing TPM module, and it will offer a new 'Turn On BitLocker' link. BitLocker requires that you be able to boot from your USB drive, and it also must have an additional nonencrypted partition. For further information, click the applet's What should I know about BitLocker Drive Encryption before I turn it on? link. Get a Cloak of Invisibility With Free Hide Folders Sometimes the best way to keep people from prying into your personal folders is to keep the folders' existence secret from the get-go. That's easy to do with Cleanersoft.com's Free Hide Folders. The program lets you make any folder (and its subfolders and other contents) completely invisible with a just a little pointing and clicking. (Note that in Windows Vista, the program may not completely hide some known folders, such as Music in the Documents folder.) Free Hide Folders is password protected, so you're safe even if the bad guys know you're using the product. It also lets you back up your folders' hidden states in case you have a system problem. And as the name says, it's free. _________________________________________________