Scribd
Upload
55 views

Tutorial 2

This document provides a tutorial on encrypting files and drives using Encrypting File System (EFS) and BitLocker in Windows. It aims to help students understand how EFS and BitLocker encrypt data, use command prompts to encrypt and decrypt files/drives, and backup/restore encryption keys. The step-by-step guide instructs students to encrypt a password file with EFS, backup the encryption key, create test accounts, access the encrypted file with other accounts, and decrypt the file or drives using commands. It also discusses checking encrypted file status and restoring encryption certificates from backup files.

Uploaded by

Nam Bui
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
55 views

Tutorial 2

This document provides a tutorial on encrypting files and drives using Encrypting File System (EFS) and BitLocker in Windows. It aims to help students understand how EFS and BitLocker encrypt data, use command prompts to encrypt and decrypt files/drives, and backup/restore encryption keys. The step-by-step guide instructs students to encrypt a password file with EFS, backup the encryption key, create test accounts, access the encrypted file with other accounts, and decrypt the file or drives using commands. It also discusses checking encrypted file status and restoring encryption certificates from backup files.

Uploaded by

Nam Bui
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 19

NETWORK SECURITY

Tutorial 2

ENCRYPT FILES, DRIVES USING EFS & BITLOCKER

 Purpose
On finishing this tutorial, students are expected to:
- Recognize the importance of keep data secure
- Understand the mechanism of how EFS & Bitlocker use to encrypt and
decrypt data
- Able to use some prompt commands of Windows
- Able to encrypt and decrypt files and drives for data protection
- Able to backup & recover certificates & keys in case of losing access to
computer accounts.
 Discussion
Students are required to read the slide uploaded on FIT portal & try to answer
the following questions:
- What is the encrypting mechanism of EFS?
- What is the hardware requirements of Bitlocker?
- What are differences between EFS and Bitlocker?
 Step-by-Step Guide
Students are required to follow the step-by-step guide given to fulfill the
following contents:
- Encrypt the password file with EFS
- Backup certs & keys for recovery purpose
- Create other accounts
- Access to the password files using other accounts
- Recover /import the certs & keys
- Encrypt/decrypt drives using BitLocker

NSE TUTORIAL BY NHUNGVT 1


STEP-BY-STEP GUIDE

PART A: ENCRYPT THE PASSWORD FILE WITH EFS

1. CREATE A CERTIFICATE MANAGEMENT CONSOLE FOR USERS

2. Run MMC -32 as administrator

3. Select File > Add or Remove Snap-ins

4. Select Certificates and then click Add

NSE TUTORIAL BY NHUNGVT 2


5. Select My user account and press Next

6. And then save the console by going to the Console. Fille > Save as.

2. ENCRYPTING FILES

Press Windows Key + X then select Command Prompt (Admin).

NSE TUTORIAL BY NHUNGVT 3


3. Go to C directory, create a directory

Cd C:\

Md CONFIDENTIAL

Then go to CONFIDENTIAL folder

cd CONFIDENTIAL

4. Create a file password.txt that stores the secret information

Copy con password.txt

And then you added your sensitive information here. For example,

Type “Mypass is 123456”. Then press Control + Z to exit.

NSE TUTORIAL BY NHUNGVT 4


5. Now type the following command into cmd and hit Enter:

Cipher /e password.txt

Note:

Apply changes to this folder, subfolders and files: cipher /e /s:”full path of folder”

Apply changes to this folder only: cipher /e “full path of folder or file with
extension”

3. Close command prompt when finished.

NSE TUTORIAL BY NHUNGVT 5


PART B. Back up your Encrypting File System (EFS) encryption key

Once you enabled the EFS for any file or folder, a small icon will appear in the
taskbar, probably next to the battery or WiFi icon.

Simply click on the EFS icon in the system tray to open the Certificate Export
Wizard.

1. First, make sure to plug in your USB drive into the PC to copy the backup file. (In
the lab, I backuped onto the disk drive, for best practice, you should save it into
safe place).

2. Now click on the EFS icon from the system try to launch the Certificate Export
Wizard.

NSE TUTORIAL BY NHUNGVT 6


3. Once the wizard opens, click Back up now (recommended).

4.Click on Next and again click Next to continue.

6. On the Security screen, checkmark “Password” box then type a password in


the field.

NSE TUTORIAL BY NHUNGVT 7


6. Again type the same password to confirm it and click Next.

7. Now click on Browse button then navigate to the USB drive and under file name
type any name.

NSE TUTORIAL BY NHUNGVT 8


Note: This would be the name of the backup of your encryption key.

8. Click Save then click on Next.

9. Finally, click Finish to close the wizard and click OK.

This backup of your encryption key will come very handy if in case you ever lose
access to your user account, as this backup can be used to access the encrypted
file or folders on the PC.

PART C: CREATE TEST ACCOUNTS

1. Create local account using Command Prompt

If you’re comfortable typing command lines, it’s actually a lot faster to create a
local account on Windows 10 using Command Prompt.

To create a local account on Windows 10 with Command Prompt, use these


steps:

1. Open Start.

NSE TUTORIAL BY NHUNGVT 9


2. Search for Command Prompt, right-click the result, and select the Run as
administrator option.
3. Type the following command and press Enter:

net user USER_NAME PASSWORD /add

In the above command make sure to change USER_NAME and PASSWORD with
the credentials you want to use for the new user account.

4. Type the following command to add the newly created account to the
Administrators group and press Enter:

net localgroup administrators USER_ACCOUNT /add

Creating admin local account using Command Prompt

In the command, make sure to replace USER_ACCOUNT with the account name
you want to add to the administrators group.

If you want to test the new changes, sign-out and you’ll notice the new user
account sitting in the bottom-left corner of the screen. Then select the new user
account and sign in.

NSE TUTORIAL BY NHUNGVT 10


It’s also possible to create a local account using PowerShell, and here are the
steps.

Step 2. Activate Local Administrator

By default, the Local Administrator is disabled. You can enable by command


line.

1. Select “Start” and type “CMD“.


2. Right-click “Command Prompt” then choose “Run as administrator“.
3. If prompted, enter a username and password that grants admin rights to the
computer.
4. Type: net user administrator /active:yes
5. Press “Enter“.

Replace “yes” with “no” to disable the admin account on the welcome screen.

If this Account doesn’t have the password, you can create a password by typing

net user administrator <Password>

PART D. VERIFYING ENCRYPTED FILES

1. In the same CMD, switch to another account by

runas /user:yourPCname\Administrator cmd

2. Go to the encrypted folder to see the encrypted file

Cd C:\CONFIDENTIAL

3. Type cipher to view check status of files in that directory.


E means encrypted
U means unencrypted
4. View the file content, type

NSE TUTORIAL BY NHUNGVT 11


type password.txt

You can see the message: “Access is denied”

PART E. Restore your EFS File Encryption Certificate


and Key from PFX file

1. Switch to another user account that is not the owner of that password.txt

2. Try to import backup key & certificate

Either double click/tap on the backed up PFX file, or right click or press and hold
on the PFX file and click/tap on Install PFX. (see screenshot below)

3. Click/tap on Next. (see screenshot below)

NSE TUTORIAL BY NHUNGVT 12


Click/tap on Next. (see screenshot below)

4. Enter the password for the private key included in the PFX file , check Mark
this key as exportable, check Include all extended properties, and click/tap

NSE TUTORIAL BY NHUNGVT 13


on Next. (see screenshot below)

5. Select (dot) Automatically select the certificate store based on the type of
certificate, and click/tap on Next.

6. Click/tap on Finish.

NSE TUTORIAL BY NHUNGVT 14


7. Click/tap on OK. (see screenshot below)

8. Then you open the file password. You can see the content of the password.txt
now.

WHY?

NSE TUTORIAL BY NHUNGVT 15


PART F. Decrypt File or Folder Using Command Prompt

1. Press Windows Key + X then select Command Prompt (Admin).

2. Type the following command into cmd and hit Enter:

To Decrypt a File: cipher /d "full path of file with extension"


Note: Replace “full path of file with extension” with the actual location of the file
with its extension for example:
cipher /d “C:\confidential\password.txt”

3. Once finished close cmd and reboot your PC.

NSE TUTORIAL BY NHUNGVT 16


PART G.
Device encryption in Windows

What is device encryption?

Device encryption helps protect your data, and it's available on a wide range of
Windows devices. If you turn on device encryption, the data on your device can
only be accessed by people who've been authorized. If device encryption isn't
available on your device, you may be able to turn on standard BitLocker
encryption instead.

Note
BitLocker is not available on Windows 10 Home edition.

To see if you can use device encryption

1. In the search box on the taskbar, type System Information, right-


click System Information in the list of results, then select Run as
administrator. Or you can select the Start button, and then under Windows
Administrative Tools, select System Information.
2. At the bottom of the System Information window, find Device Encryption
Support. If the value says Meets prerequisites, then device encryption is
available on your device. If it isn't available, you may be able to use standard
BitLocker encryption instead.

To turn on device encryption

1. Sign in to Windows with an administrator account (you may have to sign out
and back in to switch accounts).

NSE TUTORIAL BY NHUNGVT 17


2. Select the Start button, then select Settings > Update &
Security > Device encryption. If Device encryption doesn't appear, it isn't
available. You may be able to turn on standard BitLocker encryption instead.

3. If device encryption is turned off, select Turn on.

To turn on standard BitLocker encryption

1. Sign in to your Windows device with an administrator account.


2. To set up Bitlocker:

 Go to the Control Panel.


 Click System and Security.
 Click BitLocker Drive Encryption.
 Under BitLocker Drive Encryption, click Turn on
BitLocker.

 Select Enter a password or Insert a USB flash drive. If you have chosen to
use a USB flash drive as a trigger to unlock your drive, you can choose to
do this with a password or smart card. In this example, we will use a
password.
 Enter a password and confirm it, and then click Next.
NSE TUTORIAL BY NHUNGVT 18
 Select how to save a recovery key to regain access to your drive in case you
forget your password (e.g. on a USB flash drive or to your Microsoft
account), and click Next.
 Select an encryption option: Encrypt used disk space only (faster)
or Encrypt entire drive (slower), and click Next.
 Choose from two more encryption options: New encryption mode (best
for fixed drives) or Compatible mode (best for removable devices), and
click Next.
 Check Run BitLocker system check, which ensures that the recovery and
encryption keys will work, and click Continue.
 Last, verify that BitLocker is turned on. To do this, go to My PC in Windows
Explorer and check for a Lock icon displayed next to the drive.

To disable or suspend BitLocker:

1. Press the Windows key + E to open Windows Explorer.


2. Click This PC.
3. Right-click the encrypted drive and select Manage BitLocker.
4. For each drive or partition encrypted, you can select to suspend BitLocker
or completely disable it. Select the option you want and follow the wizard.

NSE TUTORIAL BY NHUNGVT 19

You might also like