Encrypting File System (EFS) is an encryption service found in Windows 10 Pro, Enterprise, and Education. A cousin to BitLocker, which can encrypt entire drives at once, EFS lets you encrypt individual files and folders.
Encryption is tied to the PC user, so if a different user is logged in than the user who encrypted the files, those files will remain inaccessible.
EFS encryption isn't as secure as other encryption methods, like BitLocker, because the key that unlocks the encryption is saved locally. There's also a chance that data can leak into temporary files since the entire drive is not encrypted.
Still, EFS is a quick and easy way to protect individual files and folders on a PC that's shared amongst several users. Encrypting with EFS doesn't take long — let's take a look at how it's done.
What you'll need before you begin
EFS is only available on Pro, Enterprise, and Education versions of Windows 10. If you're using Windows 10 Home, you're out of luck. You also need to be using a password with your user account, preferably strong and difficult to crack.
Once you've encrypted a file or folder, Windows will automatically remind you that you should create a backup key in case you run into a problem where you can no longer log into your user account that's tied to the encrypted files. This requires some sort of removable media. In our case, we use a USB thumb drive.
How to enable EFS on Windows 10
Have a file or folder in mind for encryption? Here's how to enable EFS.
- Launch File Explorer from your Start menu, desktop, or taskbar.
- Right-click a file or folder.
- Click Advanced.
Click the checkbox next to Encrypt contents to secure data.
- Click OK.
Click Apply. A window will pop up asking you whether or not you want to only encrypt the selected folder, or the folder, subfolders, and files.
- Click either Apply changes to this folder only or Apply changes to this folder, subfolders, and files.
Files that you've encrypted with EFS will have a small padlock icon in the top-right corner of the thumbnail or icon.
How to back up your EFS encryption key
After enabling EFS, a small icon will appear in the system tray in the bottom-right corner of your screen. This is your reminder to back up your EFS encryption key.
- Plug your USB drive into your PC.
- Click the EFS icon in the system tray.
Click Back up now (recommended).
- Click Next.
- Click the checkbox next to Password.
Type a password in the first Password field.
- Type the same password in the Confirm password field.
- Click Browse.
Click the USB drive.
- Click the File name field.
Type a filename.
- Click Save.
- Click Finish.
That's it. If you ever lose access to your user account, the backup key can be used to access the encrypted files on the PC.