How to Configure EFS (Encrypted File System) in Windows 11?

What is EFS (Encrypted File System) and Why Should I Enable it?

If you share your computer with multiple users, you should think about protecting your own files. The reason is quite straightforward. You don’t want your projects or financial data to be accessed by other users with whom you share the computer or accidentally exposed to the public.

The second reason is that you don’t want that malware that is executed on another user’s rights to change the integrity of your files.

One of the ways to do it is by using EFS (Encrypted File System). Encrypted File System is part of Windows 11 and it helps you to encrypt your files and folders and protect them from unauthorized access.

This article is about enabling and using Encrypted File System in your Windows 11.

How to Enable the Encrypted File System in Windows 11?

In order to enable the Encrypted File System on Windows 11, I use the folder „Financial data“ with two reports. You can apply the same scenario to any other folder.

1. Open File Explorer and navigate to the folder you want to encrypt.
2. Right-click on the folder and then click Show more options, and then click Properties.
3. Click on General and then click Advanced.
   
4. Under Advanced Attributes click Encrypt content to secure data.
   
5. Click OK, and then click Apply and OK.
6. Click Apply changes to this folder, subfolders, and files and then click OK.
   
7. Click OK.
8. Close the window.
9. A new pop-up notification will appear in the Taskbar. Click on it to back up the file encryption certificate and key.
   
10. Click on Backup up now (recommended) to back up the certificate and key to removable media. There are also two more options available, Backup up later (Windows will remind you the next time you log on) and Never back up (You could lose access to your encrypted files).
    
11. Under Welcome to the Certificate Export Wizard and then click Next.
12. Export File Format and then click Next. In the screenshot below, I export Personal Information Exchange – PKCS #12 (.PFX).
    
13. To maintain security, you must protect the private key to a security principal or by using a password. Select the Password, and type the password with a minimum of 10 characters (small letter, capital letter, number, special character)

Under Encryption, you can choose between TripleDES-SHA1 or AES256-SHA256. I use the default one, TripleDES-SHA1.

Once done, click Next.

14. Specify the name of the file you want to export and then click Next.
    
15. Under Completing the Certificate Export Wizard click Finish.
    
16. The export was successful.

When another user tries to access your files, they will be blocked. First, when the user navigates to the file, he/she will notice a lock on the file. That means files are encrypted using EFS.

No, when a user tries to open the file, he/she will get an error as shown below.

Wrap up

If you are sharing your computer with multiple users, you should think about protecting your files from unauthorized access coming from other users or malware. Windows 11 supports a security feature called EFS (Encrypted File System). This article provides you with step-by-step instructions on how to do it.

Can you Disable EFS (Encrypted File System) Once Enabled?

Yes, you can still disable the EFS once enabled. We have a dedicated article on How to Disable EFS in Windows 11