My question is essentially if I can enable EFS for Windows XP Home SP3 running a NTFS formatted HD. I have read through dozens of online forums and can’t seem to figure this out. Currently when I view a folder’s Properties>General>Advanced Attributes>Compress or Encrypt attributes the box and text that reads “Encrypt contents to secure data” is grey out and I am unable to choose this option. I have read about making changes to the registry. My best research shows this method as being possible with Windows XP Pro, but again I have the Home edition of Windows XP. Here goes:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS]
Create a new DWORD value, or modify the existing value, called "EfsConfiguration" and set it based on these values:
Value Name: EncryptionContextMenu
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = default, 1 = enabled).
Here is the original URL suggesting this fix: Windows Help and Support suggests a similar method with a difference in the location in the registry.
Above source suggest this location: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS]
Windows Help and Support suggests installing a hotfix (WHICH I CAN NOT FIND) and then advises me to do this :
Note 1: (original URL is Note 2: (The highlighted text represents the differing locations in the registry to make changes.)
After you install the hotfix, you can prevent EFS from generating self-signed certificates. To do this, follow these steps:
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\EFS
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type EfsOptions, and then press ENTER.
5. Double-click EfsOptions, type 0 in the Value data box, and then click OK.
6. Exit Registry Editor.
After you add the EfsOptions registry value, you must create a custom Administrative Template to define a new policy. This new policy will centrally manage the registry change. To do this, follow these steps:
1. Start Notepad.
2. Type the following text:
CLASS MACHINE
CATEGORY "System"
CATEGORY "Public Key Policies"
POLICY "Encrypted File System"
KEYNAME "Software\Policies\Microsoft\Windows NT\CurrentVersion\EFS"
PART "Allow EFS to Generate Selfsigned Certificate when a Certificate Authority is not available" CHECKBOX
VALUENAME "EfsOptions"
VALUEON NUMERIC 4
VALUEOFF NUMERIC 0
END PART
END POLICY
END CATEGORY
END CATEGORY
3. On the File menu, click Save As.
4. In the Save as typelist, click All Files.
5. Type %windir%\inf\efscustom.adm in the File name box, and then click Save.
Note The %windir% placeholder represents the drive letter of the Windows system folder.
6. Exit Notepad.
7. Restart the computer.
Are either of these a viable method for enabling EFS on my system? Is a hotfix available for download that I’m unaware of? Any advice would be greatly appreciated.
Jacob Justus
Engineer
untangledsolutions.com
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS]
Create a new DWORD value, or modify the existing value, called "EfsConfiguration" and set it based on these values:
Value Name: EncryptionContextMenu
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = default, 1 = enabled).
Here is the original URL suggesting this fix: Windows Help and Support suggests a similar method with a difference in the location in the registry.
Above source suggest this location: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS]
Windows Help and Support suggests installing a hotfix (WHICH I CAN NOT FIND) and then advises me to do this :
Note 1: (original URL is Note 2: (The highlighted text represents the differing locations in the registry to make changes.)
After you install the hotfix, you can prevent EFS from generating self-signed certificates. To do this, follow these steps:
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\EFS
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type EfsOptions, and then press ENTER.
5. Double-click EfsOptions, type 0 in the Value data box, and then click OK.
6. Exit Registry Editor.
After you add the EfsOptions registry value, you must create a custom Administrative Template to define a new policy. This new policy will centrally manage the registry change. To do this, follow these steps:
1. Start Notepad.
2. Type the following text:
CLASS MACHINE
CATEGORY "System"
CATEGORY "Public Key Policies"
POLICY "Encrypted File System"
KEYNAME "Software\Policies\Microsoft\Windows NT\CurrentVersion\EFS"
PART "Allow EFS to Generate Selfsigned Certificate when a Certificate Authority is not available" CHECKBOX
VALUENAME "EfsOptions"
VALUEON NUMERIC 4
VALUEOFF NUMERIC 0
END PART
END POLICY
END CATEGORY
END CATEGORY
3. On the File menu, click Save As.
4. In the Save as typelist, click All Files.
5. Type %windir%\inf\efscustom.adm in the File name box, and then click Save.
Note The %windir% placeholder represents the drive letter of the Windows system folder.
6. Exit Notepad.
7. Restart the computer.
Are either of these a viable method for enabling EFS on my system? Is a hotfix available for download that I’m unaware of? Any advice would be greatly appreciated.
Jacob Justus
Engineer
untangledsolutions.com