Setting up encryption in Windows
Encryption is used to secure data that others shouldn't be able to read; for example, social security numbers (SSN) or financial data. These are suggested methods for using encryption in Windows, but they should always be used with discretion and caution. (You don't want to lock yourself out from the information either.) It is also highly adviseable to make a backup of your information before implementing.
How to Encrypt a file or folder in Windows XP, Vista, Windows 7
1. Click Start, point to All Programs, point to Accessories, then click on Windows Explorer
2. Locate and right-click on the file or folder* that you want to encrypt and click Properties.
3. On the General tab, click Advanced.
4. Under Compress or Encrypt attributes, select the Encrypt contents to secure data check box, and then click OK.
5. Click on ok to close the folders Properties window.
6. In the Confirm Attribute Changes dialog box, choose one.
• If you want to encrypt only the folder, click Apply changes to this folder only, and then click OK.
• If you want to encrypt the contents in the folder along with the folder click Apply changes to this folder, subfolders and files, and then click OK.
7. Windows will now proceed to encrypt your data. How long it takes depends on the amount and size of the files you choose to encrypt. When it is complete the folder will be encrypted.However, this does not mean that others cannot view the contents of the folder. Encrypting the files prevents them from opening items in the encrypted folder.
Note: While it is possible to encrypt both files and folders, Microsoft’s Best Practices suggest encrypting folders not individual files. This prevents applications from unintentionally removing the encryption from a file. For more information see http://support.microsoft.com/kb/223316
Things to do after you encrypt your data
Now that you have encrypted your folders it is important that you do not skip this step to ensure that you do not lose access to your files should you forget your password.
If you do not do this and forget your password, there will be no way to recover your data. It is important to back up your certificate and store it in a secure location.
How to backup your certificate
1. Start Microsoft Internet Explorer
2. On the Tools menu, click Internet Options
3. On the Content tab, in the Certificates section, click Certificates.
4. Click the Personal tab.
Note: you may have multiple certificates listed. Click on each one until you find the one that has the certificate intended purposes field showing encryption file system.
5. Click Export to start the Certificate Export Wizard, and then click Next.
6. Click Yes, export the private key to export the private key, and then click Next.
7. Click Enable Strong protection (not an option in all versions of Windows), and then click Next.
8. Type and confirm a password (You must use a password to protect the exported certificate)
9. Specify the location of where you want to save the key. You can back up to a floppy disk, another location on your hard-drive, or a USB drive. You can also back up the certificate to multiple locations.
10. Specify the destination and click Next.
11. Click Finish. You should be told the export was successful. Click OK.
12. Click close to close the certificates window, then click OK to close the Internet Options window.
How to decrypt an encrypted file or folder
Decrypting a folder uses basically the same process of encrypting the file, but in reverse order.
1. Right-click on the folder or file you want to decrypt, then click Properties.
2. Click Advanced
3. Click to clear the Encrypt contents to secure data check box to decrypt
4. Click OK to close the Advanced Attributes dialog box.
5. Click on ok to close the folders Properties window
6. If it is a folder, and it has files in it, the Confirm Attribute Changes dialog box appears. You can choose to decrypt only the folder, but this won’t decrypt any of the files in the folder.
7. If you want to decrypt all the contents of the folder, click Apply changes to this folder, subfolders, and files, and then click OK.
Starting with Windows Vista there is the additional security layer of encryption with BitLocker Drive Encryption in the Enterprise and Ultimate versions. This is a hardware based data protection feature which allows users to encrypt their entire hard drive.
Contact site licensing at www.hawaii.edu/sitelic to ensure you purchase the correct version of Windows Vista or 7 to use this feature
It is imperitive you do not lose the password you set for BitLocker. If you do, your data may not be able to be recovered.
More information BitLocker can be found at