Enabling the EFS Encryption of Files Using the Encrypt Command

Q: Are there any easy-to-use mechanisms available to enable the Encrypting File System (EFS) encryption of files? The only mechanism that I'm currently aware of is the Encrypt contents to secure data option that's located in a file’s advanced properties.

A: You can also use the Encrypt command on a file’s Windows Explorer shortcut menu (i.e., the menu that opens when you right-click a file in Windows Explorer) to encrypt a file. The Encrypt option isn't displayed automatically in Windows Explorer; it's disabled by default. To enable it you must add the EncryptionContextMenu value with a REG_DWORD data value of 1 to the HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced registry key. Enabling the EncryptionContextMenu setting also adds a Decrypt option to the shortcut menu, which lets you easily decrypt EFS-encrypted files.
 
Another handy tool—especially when you want to automate EFS operations from the command line—is the cipher.exe tool. You can, for example, include cipher.exe in a user’s logon or logoff script or in a machine’s startup or shutdown script to automate the EFS encryption of files. Table 1 provides an overview of interesting cipher commands and switches.