Windows 8 offers two ways to protect your files and folders: permissions and encryption.
Using permissions
Every file and folder has its own set of permissions. These permissions define which users can open, edit, and delete files. The default settings work for most users, so you might never have to see or change permissions.
However, if you’re curious, right-click a file or folder in File Explorer, click Properties, and then select the Security tab. Permissions consist of a list of different users and groups and the rights they have to that file or folder. This list is known as an access control list (ACL).
The above screenshot shows typical permissions for a system folder: the Everyone group (which, logically, applies to everyone on the computer, including guests) can read files and run apps. The SYSTEM account and the Administrators group (both of which are also logically named) can also update files. These permissions allow a user with administrator privileges (such as the first account you created on your computer) to update system files but prevent standard users from updating files, reducing the risk of malware infecting your computer.
The above screenshot shows typical permissions for a user folder. A user can access his or her own files, as can the SYSTEM account and members of the Administrators group. No other users are allowed to access the files, however. Because the Everyone and Users groups are not listed, members of those groups can’t view or edit files in this folder.
If you want to share a folder or files with another user on the same computer, simply drag them to a public folder. Public folders are located within C:\Users\Public. Other users on the same computer will be able to access files in the same folder.
Permissions are useful for protecting your privacy because other users who log on to your computer by using their own account won’t be able to accidentally access your files. However, you shouldn’t rely on permissions for security purposes. Permissions can be bypassed simply by starting a computer from an operating system other than Windows.
Using encryption
Encryption changes how Windows stores your files but not how you access them. Encryption is a process that replaces your files with seemingly random data. With the right security key, however, you can decrypt the files and access their contents.
Encryption complements permissions perfectly. Whereas permissions can be bypassed by starting your PC from a different operating system, encrypted files are completely unreadable to other operating systems. Windows 8 provides file encryption using a feature called Encrypting File System (EFS). EFS encrypts each user’s files with a unique key. When you log on, all your files are automatically decrypted when you access them, so there are no additional steps for you to take. Other users can decrypt your files only if you specifically share the files with them.
To encrypt a file or folder, right-click it in File Explorer and then click Properties. On the General tab of the Properties dialog box, click the Advanced button. As shown in the below screenshot, select Encrypt Contents To Secure Data. Click OK twice, and you’ll be given the option to encrypt subfolders and files.
The first time you encrypt something, Windows prompts you to back up your recovery key. While you will probably never need to directly access your key, backing up your key is really important, because if your key gets corrupted for some reason, you won’t be able to access your encrypted files.
Windows stores your key in a certificate, so to back up your key, Windows uses the Certificate Export Wizard. The wizard is used for other types of certificates as well, so it has many options you won’t use. Simply accept the default settings on the Export File Format page and provide a password on the Security page.
If you miss the notification to back up your key, you can back up your key at any time by using the Encrypting File System tool. Search Settings for encrypt, and then select Manage File Encryption Certificates. On the Select Or Create A File Encryption Certificate page, accept the default settings. On the Back Up The Certificate And Key Page provide a password and select a backup location. Don’t select any files on the Update Your Previously Encrypted Files page.
You should back up your encryption key somewhere other than your computer: use SkyDrive, a USB flash drive, a writable CD or DVD, or a different computer.
If you ever need to recover your EFS-protected files (for example, if you connect your drive to a different computer), follow these steps:
1. At the Start screen, type certmgr.msc. Select Certmgr.
2. Select the Personal folder.
3. On the Action menu, click All Tasks, and then click Import. The Certificate Import wizard appears.
4. Click Next.
5. On the File To Import page, click Browse. In the lower-right corner, click the file types drop-down list and select Personal Information Exchange. Now, select your EFS certificate backup. Click Open, and then click Next.
6. On the Private Key Protection page, type the password and select the Mark This Key As Exportable check box. Do not enable strong private key protection. Click Next.
7. On the Certificate Store page, click Next.
8. Click Finish.
Now, you should be able to open the EFS encrypted files.
0 comments