Using Windows Encrypted File System to Protect Temporary Files Containing Sensitive Data
All University employees are required to protect University data as described in detail at http://www.cit.cornell.edu/security/data/index.cfm. ILR Technology Services does not condone or support the storage of any confidential University data except in specific applications protected by our Citrix environment.
Individuals that are required to handle sensitive data as part of their job can take advantage of our Active Directory Encrypted File System (EFS) to help protect the privacy of sensitive files in the event of the loss or theft of a computer.
How to enable Windows file encryption
- On your Windows Desktop, create a new folder to hold your confidential files (use a generic name like "Temp Files").
- Right click on the folder and select Properties.
- Click Advanced
- Check "Encrypt Contents to secure data" then click OK.
Notes and Caveats
Once a folder is encrypted, only the user who encrypts the file or folder can access the content. Other administrative user accounts will be able to see the names of the files, but not the content.
Files are automatically decrypted if you move/copy them to another (unencrypted) location. This includes external drives and your I: drive when files are backed up using our standard backup login script.
Folders/files stored on ILR servers cannot be encrypted with EFS. This includes any folders in your profile that are redirected to a server share.