This article was previously published under Q307877
This article has been archived. It is offered "as is" and will no longer be updated.
This article describes how to use the Windows XP Encrypting File System (EFS) feature to store files in an encrypted format on your hard disk.
Encryption is the process of converting data into a format that cannot be read by others. You can use EFS to automatically encrypt your data when it is stored on the hard disk.
The EFS feature is not included in Microsoft Windows XP Home Edition.
How to Encrypt a File
You can encrypt files only on volumes that are formatted with the NTFS file system. To encrypt a file:
Click Start, point to All Programs, point to Accessories, and then click Windows Explorer.
Locate the file that you want, right-click the file, and then click Properties.
On the General tab, click Advanced.
Under Compress or Encrypt attributes, select the Encrypt contents to secure data check box, and then click OK.
Click OK. If the file is located in an unencrypted folder, you receive an Encryption Warning dialog box. Use one of the following steps:
If you want to encrypt only the file, click Encrypt the file only, and then click OK.
If you want to encrypt the file and the folder in which it is located, click Encrypt the file and the parent folder, and then click OK.
If another user attempts to open an encrypted file, that user is unable to do so. For example, if another user attempts to open an encrypted Microsoft Word document, that user receives a message similar to:
Word cannot open the document: username does not have access privileges (drive:\filename.doc)
If another user attempts to copy or move an encrypted document to another location on the hard disk, the following message appears:
Error Copying File or Folder Cannot copy filename: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use.
You cannot encrypt files or folders on a volume that uses the FAT file system.
You must store the files or folders that you want to encrypt on NTFS volumes.
You cannot store encrypted files or folders on a remote server that is not trusted for delegation.
To resolve this issue, configure the remote server as being trusted for delegation. To do this:
Log on to a domain controller with an account with administrator privileges.
Start the Active Directory Users and Computers snap-in.
In the left pane, expand the domain container. Locate the server you want, right-click it, and then click Properties.
On the General tab, select the Trust computer for delegation check box (if it is not already selected). Click OK to respond to the "Active Directory" message that appears.
Click OK, and then quit Active Directory Users and Computers.
You cannot gain access to encrypted files from Macintosh client computers.
You cannot open documents that were stored by others in an encrypted folder that you created.
If another user creates a document in an encrypted folder, that document is encrypted allowing (by default) only that user to gain access. Because of this, a folder that you encrypt may contain files that you are unable to open. If you require access to these files, request that your user account be added to the list of users with whom the encrypted files are shared.
For more information, click the following article number to view the article in the Microsoft Knowledge Base: