none
Does windows 10 let me encrypt selected files? RRS feed

  • Question

  • I read that you can encrypt a file in windows 10 simply by right clicking on it, choosing properties, then choosing advanced, then clicking on the encrypt-checkbox in the window that appears.

    But in my case, the checkbox is disabled.

    I did some more searching the internet, and found that windows 10 has "bitlocker".   Maybe you have to turn this on for the checkbox to be disabled?

    My questions are:

    1. How do I enable that checkbox

    2. How do I encrypt that file using a password, so I can then save the file to a DVD, and send it to another person who also runs windows 10 and would want to decrypt it (I would tell that person the password via phone)

    Thanks

    Thursday, February 23, 2017 10:14 PM

Answers

  • Bit locker is extremely dangerous and it is only enabled in the Pro versions

    If you absolutely must run bitlocker, carefully store the passcode and recovery keys AND KEEP A current backup


    Wanikiya and Dyami--Team Zigzag Windows IT-PRO (MS-MVP)

    • Marked as answer by rating maven Friday, February 24, 2017 11:29 AM
    Thursday, February 23, 2017 11:39 PM
    Moderator
  • Hi,

    First question:

    If Encrypt contents to secure data option is disabled, let do the following steps to enable it.

    Open Registry Editor, navigate to:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem

    Look for the NtfsDisableEncryption named registry DWORD (REG_DWORD), since you’re facing the issue, you’ll find that this DWORD having its Value data set to 1. Double click it and set the value as 0, ok.

    Reboot computer and you can tick Encrypt contents to secure data option.

    Second question:

    If you want other people read a file which you encrypted by a password, I think the best way is zipped this file and set a unzipped password. Many compression software have this function, you can make it easily.

    Besides, BitLocker is a Microsoft official encrypted tool, which exits in Pro, Enterprise and Education editions, there are lots of people around world are using this feature, including corporates and individuals, it improve the security for local machine’s data, when your computer accidentally lose, other people can’t get data without your BitLocker password or recovery key. It is just an encrypted tool, not an extremely dangerous thing.

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Friday, February 24, 2017 6:27 AM
    Moderator

All replies

  • Bit locker is extremely dangerous and it is only enabled in the Pro versions

    If you absolutely must run bitlocker, carefully store the passcode and recovery keys AND KEEP A current backup


    Wanikiya and Dyami--Team Zigzag Windows IT-PRO (MS-MVP)

    • Marked as answer by rating maven Friday, February 24, 2017 11:29 AM
    Thursday, February 23, 2017 11:39 PM
    Moderator
  • Hi,

    First question:

    If Encrypt contents to secure data option is disabled, let do the following steps to enable it.

    Open Registry Editor, navigate to:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem

    Look for the NtfsDisableEncryption named registry DWORD (REG_DWORD), since you’re facing the issue, you’ll find that this DWORD having its Value data set to 1. Double click it and set the value as 0, ok.

    Reboot computer and you can tick Encrypt contents to secure data option.

    Second question:

    If you want other people read a file which you encrypted by a password, I think the best way is zipped this file and set a unzipped password. Many compression software have this function, you can make it easily.

    Besides, BitLocker is a Microsoft official encrypted tool, which exits in Pro, Enterprise and Education editions, there are lots of people around world are using this feature, including corporates and individuals, it improve the security for local machine’s data, when your computer accidentally lose, other people can’t get data without your BitLocker password or recovery key. It is just an encrypted tool, not an extremely dangerous thing.

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Friday, February 24, 2017 6:27 AM
    Moderator
  • Bit locker is extremely dangerous and it is only enabled in the Pro versions

    Sadly, as a long-time user of BitLocker, I find the statement a bit dramatic (...extremely dangerous...).

    Yes, it takes a bit of due diligence in order to use it correctly and have no issues (data recovery). To just make the decision without consideration is dangerous, but that is possible for any product on the market.

    Perhaps a better approach is to define BitLocker as a multi-layered tool to secure data. There are basically three levels to secure what needs to be secured:

    1. Low-end: Sharing of data between friends, colleagues and/or teams. This allows the data to be encrypted on a thumb drive or other media, mailed to the recipient and the password provided to that recipient. It avoids encryption of whole drives, drive partitions, or encrypt-as-you-go approach to drive encryption.
    2. Medium-end: Encryption of whole drives, drive partitions or encrypt-as-you-go approach to drive encryption. Here, it protects everything from personal financial data separated from the rest of the system, to key data used by companies and other entities. It allows the drive to be "mounted" only when needed, and avoids exposure to the data when surfing the net. The password entry is part of the "secure desktop" so it can possibly avoid key-loggers and other nefarious approaches to obtain such passwords.
    3. Top-end: This really requires in-depth knowledge of BitLocker, OS Platform and how it reacts to encryption. In particular the use of the TPM why that decision is being made and what other steps were considered before such an approach is made. It allows the encryption of the OS drive, a lock down of the platforms configuration details (so if a drive is removed from the original source, and placed on a different platform for extraction of data, then it simply won't work, and continued attempts shall corrupt any existing data.)

    All of them require a commitment to- and understanding of- the need underlying the use of encryption tools.

    Commitment comes of course to utilizing the encryption tool in your day-to-day use of the system. How you log in, what approach you expect to use to secure your system, and accepting the additional key-strokes needed to follow through with that commitment.

    So, "...extremely dangerous..." really stems from the fact that if misused, or to lazy to read about the product you are using, you can get into trouble. Otherwise, no one walks the path of security lightly anyway; so implement and know that the product does as it states. It is generally user-malfunction that winds up being the dangerous part of the equation. MS knows this, and expects that folks that choose to use it, also choose the "life-style" needed to commit to such approaches.

    A last thought. BitLocker, in the vast majority of cases, really is one of the most reliable and robust product offerings of Microsoft. Embedded within the Operating System, it has proven to be the bane of many a nefarious characters. And a boon to people and companies that wish to keep their information safe. Problems really do stem from, in most cases, user-malfunction. Microsoft did walk the right path though, when they provided the tool, and nothing to recover data (except knowing the passwords and other security measures put into place by the individual user) - otherwise, those nefarious characters would use that knowledge to make BitLocker far less than what it is.

    :)


    Jim - Mastiffs are the greatest!

    Saturday, March 25, 2017 2:48 PM