How to encrypt and decrypt using the Encrypting File System
The following steps encrypt and decrypt a file or folder using the Encrypting File System.
The drive must be formatted as NTFS to support EFS. To check, right-click your C: drive, select Properties, and confirm that the File system shown is NTFS.
Encrypting a folder
Although you can encrypt files individually, we strongly recommend that you designate a specific folder for storing encrypted data.
To encrypt a folder and its current contents, follow these steps:
- Right-click the folder that you want to encrypt, and then click Properties.
- In the Properties dialog box, click Advanced.
- The Advanced Attributes dialog box displays attribute options for compression and encryption, together with archive and indexing attributes.
Note Although NTFS supports both compression and encryption, it does not support both on the same object: a file or folder can be either compressed or encrypted, never both, so selecting one clears the other.
To encrypt the folder, select the Encrypt contents to secure data check box, and then click OK to close the Advanced Attributes dialog box.
- Click OK to close the Properties dialog box.
- If the folder you chose to encrypt in steps 1 to 3 already contains files, a Confirm Attribute Changes dialog box appears.
You can choose to encrypt only the folder, so that files subsequently moved into or created in it are encrypted while the files already there stay in clear text. To also encrypt everything already in the folder, click Apply changes to this folder, subfolders, and files, and then click OK.
- Before you store anything important in the folder, back up your EFS certificate as described under How to back up your certificate below; without that backup the data cannot be recovered if your key is lost.
Decrypting a folder
To decrypt a folder, reverse the process:
- Right-click the folder that you want to decrypt, and then click Properties.
- Click Advanced.
- Clear the Encrypt contents to secure data check box.
- Click OK to close the Advanced Attributes dialog box.
- Click OK to close the Properties dialog box.
- If the folder contains files, the Confirm Attribute Changes dialog box appears. Choosing to decrypt only the folder clears the folder's encryption attribute but leaves every file in it encrypted. To decrypt all the contents of the folder, click Apply changes to this folder, subfolders, and files, and then click OK.
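The two dialog procedures above map onto cipher.exe, which ships with Windows. The following PowerShell script is an added example, not part of the original article: it checks that the volume is NTFS, encrypts a folder together with its existing contents, verifies the Encrypted attribute that the check box sets, shows that a file created afterwards inherits encryption, and finally decrypts everything again. The folder path and the sample file content are hypothetical; run it as the user who owns the data.

```powershell
# Added example, not from the original article: check the volume, encrypt a folder with its
# contents, verify the attribute, and decrypt again, using cipher.exe (built into Windows) and
# .NET from PowerShell. The folder path is hypothetical; run as the user who owns the data.
$Folder = 'C:\Users\alice\Secret'   # hypothetical path

function Test-EfsEncrypted([string]$Path) {
    # The Encrypted file attribute (0x4000) is what the "Encrypt contents" check box sets.
    $attr = (Get-Item -LiteralPath $Path -Force).Attributes
    return [bool]($attr -band [System.IO.FileAttributes]::Encrypted)
}

# 1. EFS requires NTFS. DriveInfo.DriveFormat reports the volume's file system.
$drive = New-Object System.IO.DriveInfo ($Folder.Substring(0, 3))
if ($drive.DriveFormat -ne 'NTFS') {
    throw "Volume $($drive.Name) is $($drive.DriveFormat); EFS requires NTFS."
}

# 2. Create the folder with a constructed sample file, then encrypt the folder, its
#    subfolders (/s) and the files already in it (/a). This is the command-line equivalent
#    of "Apply changes to this folder, subfolders, and files".
New-Item -ItemType Directory -Path $Folder -Force | Out-Null
'constructed sample content' | Set-Content -LiteralPath (Join-Path $Folder 'notes.txt')
cipher /e "/s:$Folder" /a | Out-Null

# 3. Verify the folder and the existing file, then show that a file created afterwards
#    is encrypted automatically because the folder carries the attribute.
foreach ($p in $Folder, (Join-Path $Folder 'notes.txt')) {
    if (-not (Test-EfsEncrypted $p)) { throw "$p is not encrypted" }
}
'written after encryption' | Set-Content -LiteralPath (Join-Path $Folder 'later.txt')
if (-not (Test-EfsEncrypted (Join-Path $Folder 'later.txt'))) { throw 'inherited encryption failed' }

# 4. Decrypt the folder and everything in it. Omitting /a would clear the folder's attribute
#    but leave the files encrypted, which is the "folder only" choice in the dialog.
cipher /d "/s:$Folder" /a | Out-Null
foreach ($p in $Folder, (Join-Path $Folder 'notes.txt'), (Join-Path $Folder 'later.txt')) {
    if (Test-EfsEncrypted $p) { throw "$p is still encrypted" }
}
'Folder encrypted, verified and decrypted successfully.'
```

Checking the attribute after each cipher call is the point of the script: a decrypt without /a leaves files encrypted exactly as the dialog's "folder only" option does, and the check catches that. Decrypting in place writes the plaintext back to the same volume, so use it only on a folder you genuinely want in clear text.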
Additional information
How files are encrypted
Files are encrypted with a symmetric cipher using a File Encryption Key (FEK) that Windows generates at random for each file. The FEK is then encrypted with the public key from your EFS certificate and stored alongside the file; when you open the file, your private key decrypts the FEK, and the FEK decrypts the data. The certificate and its key pair (a private key and a public key) are generated automatically the first time you encrypt a file.
If the private key is lost or damaged and you have not designated a recovery agent, there is no way to recover the data.
Why you must back up your certificates
Because data encrypted with a corrupted or missing certificate cannot be recovered, it is critical that you back up the certificate and store the backup in a secure location. You can also specify a recovery agent. EFS keeps a second copy of each file's encryption key encrypted with the recovery agent's public key, so the agent can restore the data if your own key is gone. The recovery agent's certificate is therefore separate from your user certificate and serves a different purpose.
How to back up your certificate
To back up your certificates, follow these steps:
- Start Microsoft Internet Explorer. (Alternatively, run certmgr.msc, which opens the same current-user certificate store directly; the Personal folder there holds the same certificates, and right-clicking one and choosing All Tasks, Export starts the same wizard.)
- On the Tools menu, click Internet Options.
- On the Content tab, in the Certificates section, click Certificates.
- Click the Personal tab.
Note There may be several certificates present, depending on whether you have installed certificates for other purposes.
- Select one certificate at a time until the Certificate Intended Purposes field shows Encrypting File System. This is the certificate that was generated when you encrypted your first folder.
- Click Export to start the Certificate Export Wizard, and then click Next.
- Click Yes, export the private key, and then click Next. A backup without the private key is useless for recovery, because the private key is what decrypts your files.
- Click Enable strong protection, and then click Next.
- Type a password to protect the private key (the wizard requires one). Anyone who obtains the exported file and this password can decrypt your files, so choose a strong password and do not keep it with the file.
- Specify the file name and location for the export, and then click Next and Finish. Save the file to removable media such as a USB drive or CD rather than to the same hard disk: if that disk fails or is reformatted, the key and its backup are lost together. Store the media in a secure location, because it contains your private key.
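The same backup can be scripted, which is useful when you need to do it for more than one machine or want to prove that the exported file actually works. The following PowerShell script is an added example, not part of the original article: it selects the personal-store certificate whose intended purpose is Encrypting File System and that still has its private key, exports it to a password-protected PFX with Export-PfxCertificate (PKI module, Windows 8 / Server 2012 and later), and then reloads the file to confirm the round trip. The backup path is hypothetical and should point at removable media.

```powershell
# Added example, not from the original article: find the current user's EFS certificate and
# export it with its private key to a password-protected PFX, then confirm the file
# round-trips. Requires the PKI module (Export-PfxCertificate, Windows 8 / Server 2012 and
# later). The backup path is hypothetical and should point at removable media.
$EfsEku   = '1.3.6.1.4.1.311.10.3.4'        # OID of the "Encrypting File System" intended purpose
$BackupTo = 'E:\efs-backup\alice-efs.pfx'    # hypothetical path on a USB drive

# Same selection the article performs by hand: personal store, intended purpose = EFS,
# and the private key must be present or the export cannot recover anything.
$efsCerts = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $EfsEku) }
if (-not $efsCerts) { throw 'No EFS certificate with a private key found; encrypt a file first.' }

# If several exist (for example after a profile migration), the newest is normally the one in
# use; "cipher /y" prints the thumbprint EFS currently uses, so compare against that.
$cert = $efsCerts | Sort-Object NotBefore -Descending | Select-Object -First 1
"Exporting EFS certificate $($cert.Thumbprint) (valid until $($cert.NotAfter))"

# Prompt for the password instead of hard-coding it: the PFX plus this password is
# equivalent to the ability to read every file the certificate protects.
$pw = Read-Host -Prompt 'Password to protect the exported private key' -AsSecureString

New-Item -ItemType Directory -Path (Split-Path $BackupTo -Parent) -Force | Out-Null
Export-PfxCertificate -Cert $cert -FilePath $BackupTo -Password $pw | Out-Null

# Verify the backup before trusting it: reload it (prompts for the same password) and check
# that it is the same certificate and still carries the private key.
$check = Get-PfxCertificate -FilePath $BackupTo
if ($check.Thumbprint -ne $cert.Thumbprint -or -not $check.HasPrivateKey) {
    throw 'Exported file does not contain the expected certificate and private key.'
}
"Backup written to $BackupTo; keep the media and the password apart."
```

On systems without the PKI module, the built-in command `cipher /x <path-without-extension>` writes the current EFS certificate and private key to a .pfx file and prompts for the password; the verification step with Get-PfxCertificate works on that file as well.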
How to encrypt a file for multiple users
To do this, follow these steps:
- Start Windows Explorer, and then select the encrypted file that you want to add additional users to.
- Right-click the encrypted file, and then click Properties.
- Click Advanced to access the EFS settings.
- Click Details to add additional users.
- Click Add. The Add dialog box displays any other EFS-capable certificates in your personal store, and those of any other users in your "Other People" and "Trusted People" certificate stores.
If you do not see the user who you want to add, click Find User to search Active Directory. The Select User window appears and displays valid EFS certificates in Active Directory based on your search criteria. If no valid certificate is found for that user, a message informs you that there are no appropriate certificates for the selected user. In this case, the intended user must send you a copy of their certificate (the public certificate only, a .cer file is sufficient) for you to import; you can then add them to your encrypted file.
- Select the certificate of the user who you want to add, and then click OK. You are returned to the Details tab, which now lists the users who will have access to the encrypted file and their EFS certificates.
- Repeat this process until you have added all the users who you want to add. Click OK to apply the change.
Note Any user who can decrypt a file can also remove other users, provided that user also has write permissions on the file.
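The Details dialog above corresponds to the /adduser, /removeuser and /c switches of cipher.exe. The following PowerShell script is an added example, not part of the original article: it grants a second user access to one encrypted file from a certificate file that user sent you, checks that the certificate is actually an EFS certificate before using it, and lists who can now decrypt the file. The file path and the certificate file bob.cer are hypothetical.

```powershell
# Added example, not from the original article: grant a second user access to an
# EFS-encrypted file from the command line and list who can decrypt it.
# Assumptions: paths are hypothetical; bob.cer is the other user's EFS certificate
# (public key only) that he exported and sent, as the article describes for users
# who cannot be found in Active Directory.
$File    = 'C:\Users\alice\Secret\notes.txt'
$BobCert = 'C:\Users\alice\Downloads\bob.cer'
$EfsEku  = '1.3.6.1.4.1.311.10.3.4'   # "Encrypting File System" intended purpose

# Only a user who can already decrypt the file can add others, and the file must be
# encrypted in the first place; check the attribute before calling cipher.
$attr = (Get-Item -LiteralPath $File).Attributes
if (-not ($attr -band [System.IO.FileAttributes]::Encrypted)) { throw "$File is not EFS-encrypted." }

# Check the certificate before handing it to cipher: it must carry the EFS intended
# purpose and still be valid, otherwise EFS rejects it and the user gains nothing.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $BobCert
if ($cert.EnhancedKeyUsageList.ObjectId -notcontains $EfsEku) {
    throw 'Certificate lacks the Encrypting File System intended purpose.'
}
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }
"Adding $($cert.Subject) (thumbprint $($cert.Thumbprint)) to $File"

# cipher /adduser encrypts a further copy of the file's encryption key with Bob's public
# key; the file content itself is not re-encrypted.
cipher /adduser "/certfile:$BobCert" "$File"

# cipher /c lists the users (and any recovery agents) whose certificates can unlock the file.
cipher /c "$File"

# To revoke the access later, remove the entry by certificate thumbprint:
#   cipher /removeuser "/certhash:$($cert.Thumbprint)" "$File"
```

Removing a user only deletes that user's wrapped copy of the file key; it does not change the key itself, so a user who already copied the plaintext keeps it, exactly as with the dialog. Also note that the note above applies unchanged here: anyone who can decrypt the file and has write permission on it can run /removeuser against you.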