How to encrypt/decrypt files and folders in MS Windows?


If you are looking to make your files and folders secure in Windows, there is a built-in feature in the operating system. The feature is called Encrypting File System (EFS), and it stores your data in an encrypted format to prevent unauthorized access. This advanced feature is only available to Windows Pro and Windows Enterprise users; Windows Home users do not get it.

Pro and Enterprise users can access this encryption feature by right-clicking a file or folder and going to Properties > General > Advanced. Check the box that says Encrypt contents to secure data, then hit OK or Apply to apply the change to the folder and the files under it.

How to Encrypt a File/Folder

Here are the detailed steps to encrypt a file or folder in Windows Pro or Enterprise:
  • Browse and navigate to a file or folder that you want to encrypt.
  • Right click on it and then click on Properties.
    It will display the properties panel. The default tab is General.
  • In the default tab, you will find a button called Advanced. Click on it.
  • Check the box that says Encrypt contents to secure data.
  • Click on the two OK buttons and you’re done.

How to Decrypt an Encrypted File or Folder

To decrypt an encrypted file or folder in MS Windows, you will have to open the same Advanced Attributes dialog and clear the check box that you ticked.
The steps to do so:
  • Navigate and browse to the encrypted file.
  • Right click on it and then click on Properties.
  • While in the General tab, click on the Advanced button.
  • Remove the check from the checkbox that says Encrypt contents to secure data.
  • Click on the two OK buttons in the dialog boxes and you are done.
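
The same encrypt and decrypt steps can be scripted in PowerShell and then verified item by item. This is an added example, not part of the original article; the function name Set-EfsState and the sample path are hypothetical, and it assumes Windows Pro or Enterprise on an NTFS volume.

```powershell
# Added example, not from the original article. Set-EfsState is a hypothetical name.
function Set-EfsState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [switch]$Decrypt   # omit to encrypt, pass -Decrypt to reverse it
    )
    $root  = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    $items = @($root)
    if ($root.PSIsContainer) {
        # The folder itself goes first, then every file and subfolder under it.
        $items += Get-ChildItem -LiteralPath $root.FullName -Recurse -Force
    }
    foreach ($item in $items) {
        try {
            # File.Encrypt / File.Decrypt set or clear the EFS attribute on files and folders.
            if ($Decrypt) { [System.IO.File]::Decrypt($item.FullName) }
            else          { [System.IO.File]::Encrypt($item.FullName) }
        } catch {
            # Typical causes: file in use, non-NTFS volume, EFS disabled on the machine.
            Write-Warning "$($item.FullName): $($_.Exception.Message)"
        }
    }
    # Re-read each item from disk and report whether it ended up in the requested state.
    $flag = [System.IO.FileAttributes]::Encrypted
    foreach ($item in $items) {
        $encrypted = (Get-Item -LiteralPath $item.FullName -Force).Attributes.HasFlag($flag)
        [pscustomobject]@{
            Path        = $item.FullName
            Encrypted   = $encrypted
            AsRequested = ($encrypted -ne $Decrypt.IsPresent)
        }
    }
}

# Usage (constructed path): list anything that did not end up encrypted.
# Set-EfsState -Path 'C:\Users\alice\Documents\Private' | Where-Object { -not $_.AsRequested }
```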

About EFS Certificates and Backing Them Up

When you encrypt a file or folder for the first time, your EFS security certificate is created. Back up the certificate file in a secure location like cloud drives so that you always have access to it. If you lose this file or if the file gets damaged, you won’t be able to access your encrypted folders/files.
To back up the EFS Certificates:
  • Press the Windows key + R to open the Run dialog box.
  • Type certmgr.msc in it and then click on OK (or hit Enter key).
  • You will be shown the Certificates for the Current User.
  • Navigate to Personal > Certificates.
    You will see certificates with random-looking Issued To information.
  • Find the certificate that says Encrypting File System under Intended Purposes and click on it to highlight it.
  • From the Menu bar select Action > All Tasks > Export.
    Or you can right-click on the certificate and then click on All Tasks > Export. A Certificate Export Wizard will show up.
  • Click Next on the Certificate Export Wizard, select Yes, export the private key and hit Next again.
  • Make sure that the Personal Information Exchange radio button is selected along with Include all certificates in the certification path if possible. Hit the Next button.
  • Check the Password box and enter a secure password twice. Hit Next.
  • For File to export, click on Browse, give a file name and hit Save. Hit Next.
    It will be saved as a Personal Information Exchange (*.pfx) file.
  • In the final step, you will be shown the overview. If everything looks good, click on Finish.
    You will be met with a confirmation, “The export was successful”. Hit OK and you will find the file in the location where you placed it. Keep it safe and secure.
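
The export wizard steps above can also be done from PowerShell, which exports the private key and the certification path into a password-protected .pfx file. This is an added example, not part of the original article; the function name Export-EfsCertificate, the output file naming and the sample folder are hypothetical.

```powershell
# Added example, not from the original article. Export-EfsCertificate and the
# efs-backup-<thumbprint>.pfx naming are hypothetical.
function Export-EfsCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Directory,
        [Parameter(Mandatory)][securestring]$Password
    )
    $efsOid = '1.3.6.1.4.1.311.10.3.4'   # OID of the Encrypting File System intended purpose

    # Personal > Certificates of the current user, keeping only EFS certificates
    # whose private key is present (a backup without the key cannot decrypt anything).
    $certs = @(Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {
        $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $efsOid)
    })
    if ($certs.Count -eq 0) {
        throw 'No EFS certificate with a private key found in Cert:\CurrentUser\My.'
    }

    New-Item -ItemType Directory -Path $Directory -Force | Out-Null
    foreach ($cert in $certs) {
        $file = Join-Path $Directory ('efs-backup-{0}.pfx' -f $cert.Thumbprint)
        try {
            # A PFX export carries the private key; BuildChain adds the certification path.
            Export-PfxCertificate -Cert $cert -FilePath $file -Password $Password `
                -ChainOption BuildChain -ErrorAction Stop
        } catch {
            # For example, the key was created as non-exportable.
            Write-Warning "$($cert.Thumbprint): $($_.Exception.Message)"
        }
    }
}

# Usage (constructed folder name):
# $pw = Read-Host -AsSecureString -Prompt 'PFX password'
# Export-EfsCertificate -Directory "$env:USERPROFILE\efs-backup" -Password $pw
```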

What to do if the Encrypt Contents to Secure Data option is disabled?

If you are unable to access the Encrypt contents to secure data option in Windows, then you will have to:
  • Open the Run dialog box by pressing the Windows Key and R together.
  • Type regedit in Open: and then press OK.
  • When the User Account Control dialog box pops up, press OK to give it admin rights and authorization to make changes to your computer.
  • Windows Registry Editor will open up. You will have to be careful when you make changes in the Registry Editor.
  • From the left pane, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
    You will have to click on those little arrows to expand or navigate into the next level. The FileSystem registry settings will be displayed on the right.
  • Look for NtfsDisableEncryption of type REG_DWORD, right click on it and click Modify.
  • The Edit DWORD dialog will be shown. Change the Value data from 1 to 0. Click on OK.
  • Restart to put those registry changes into effect and you’re done.
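
The registry check and change described above, written as a PowerShell function that reads NtfsDisableEncryption first and only writes when the value is 1. This is an added example, not part of the original article; the function name Enable-EfsOption is hypothetical.

```powershell
# Added example, not from the original article. Enable-EfsOption is a hypothetical name.
function Enable-EfsOption {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'
    $name = 'NtfsDisableEncryption'

    # Read the current value; $null means the value is not present under the key.
    $before  = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    $changed = $false

    if ($before -eq 1) {
        # Writing under HKEY_LOCAL_MACHINE needs an elevated session.
        $principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
        if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
            throw 'Run this from an elevated PowerShell session.'
        }
        # -WhatIf shows the intended change without touching the registry.
        if ($PSCmdlet.ShouldProcess("$key\$name", 'Set value data to 0')) {
            Set-ItemProperty -Path $key -Name $name -Value 0 -Type DWord
            $changed = $true
        }
    }

    [pscustomobject]@{
        ValueBefore     = $before
        ValueNow        = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        RestartRequired = $changed   # the change takes effect after a restart
    }
}

# Usage: preview first, then apply.
# Enable-EfsOption -WhatIf
# Enable-EfsOption
```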