Learn Win XP Professional in 15 Minutes a Week: Compression and the Encrypted File System

Learn Win XP Professional in 15 Minutes a Week: Compression and the Encrypted File System


April 18, 2003

Welcome to this installment of Learn Windows XP Professional in 15 Minutes a Week, the 22nd in this series. In this article we will continue our look at compression and EFS under Windows XP Professional.

Windows XP Professional allows for both compression and encryption natively within the operating system by setting given attributes on the files and folders. Both of these functions are mutually exclusive of each other and only one or the other can be enacted on a particular file or directory at any given time.

[NOTES FROM THE FIELD] - What you can do is compress an entire directory and all of the files and folders within that directory and then go in and elect to encrypt select files which will remove the compression bit from those selections that will be come encrypted. A file or folder cannot be both encrypted and compressed at the same time under Windows 2000 or XP Professional natively by the operating system itself.

There is a Compressed Folders feature within Windows XP Professional which provides the ability to create compressed folders and view their contents much in the manner that many other programs such as PKZip and WinZip perform. This article deals with the operating system / attribute driven level of compression and not this particular utility.

It is important to note that compressed folders of this nature, created through the use of the Compressed Folders feature within Windows XP Professional, can be encrypted on NTFS partitions and can be compressed (only) on FAT16 and FAT32 partitions.

You can encrypt a folder by selecting the folder, right clicking it and choosing Properties.

On the GENERAL tab of the properties page you would select the Advanced button in order to bring up the Advanced Attributes page, as shown below.

On the Advanced Attributes page you would go down to the Compress or Encrypt attributes section where you can choose one checkbox to compress the contents or the other to encrypt them.

[NOTES FROM THE FIELD] - Strangely enough, the options to target are check boxes, which normally denote the ability to choose more than one selection. (Radio buttons are normally used in a situation where only one option from a number of given ones can be selected.) Regardless of which, if you attempt to select both, you will find that your second choice in this section undoes your first selection.

I think the decision to program this property page in this way stems from the fact that you cannot unselect a radio button by clicking on it a second time as you can a checkbox. (This is just my thought on this. This is not backed up by any facts). If you want to make a folder and the contents "normal" by neither encrypting them nor compressing them, you'd clear the checkboxes.

Once you elect to encrypt the folder by selecting that checkbox you would click OK and it would seem as if nothing has happened, and actually, nothing has. Until you click APPLY or OK to the main property sheet, you will not be given any further options for this operation.

At that time, the next options are available as shown below.

If you elect to apply changes to the folder only, only the folder itself will become encrypted. What this means is that anything currently in the folder will keep its current state which is unencrypted. Anything added to that folder from that point forward will become encrypted as it is copied to or moved to the folder.

Once you hit OK you will see the progress of the encryption attribute being set on all the files and subfolders as you have selected.

[NOTES FROM THE FIELD] - Any encrypted file that is moved to or copied to a compressed folder will remain encrypted and will NOT become compressed and hence unencrypted.

If the encrypted file that was moved to that folder is right clicked and has the encryption attribute removed it will NOT become compressed automatically.

The only way to compress that file is to individually right click it and choose to compress it or to MOVE it out of and then back into the folder AFTER the encryption bit has been turned off for that file. Simply copying it out to a temporary location and then back in with the OVERWRITE option will NOT cause it to become compressed even if changes were made to the copied out version.

This means that if an encrypted document is unencrypted in a compressed folder it will be in a normal state, (not encrypted nor compressed). If another copy of that document exists somewhere else on the system and it is in a compressed state and editing is performed on that copy and then saved at that location of the hard drive and then that compressed and updated copy is copied over the older version, that older version will still be uncompressed in that folder that is supposed to compress all new files that are copied in. The updates to the text will be present, but the file will still be uncompressed.

This is because the attributes to the file are not carried over with the changes to the file itself.

This also works for the reverse, from not compressed to compressed.

If you elect to apply changes to the folder and all of the files and subfolders contained within the folder, they will all become encrypted.

If you elect to remove encryption from the folder itself and choose to make the attribute changes to the folder only, all the files in the folder that were encrypted before will remain encrypted and if you copy them within the partition those individual files will remain encrypted. All new files copied to or created in that folder will no longer have the encryption bit set.

When you effect changes to the folder and all of the files subfolders contained within, all of the files will be come decrypted.

[NOTES FROM THE FIELD] - If there is a file within the folder that is to be uncompressed that is in an encrypted state, it will stay encrypted as the encrypted attribute of that file is not affected by the clearing of the compression attributes of the other files around it and the fold it's in.

You can select to view compressed and encrypted files in different colors so that you know the state of the file by quickly looking at it.

[NOTES FROM THE FIELD] - In the example above, the folders denoted in blue lettering are compressed and the ones in green lettering are encrypted. This can be set by going in to the Windows Explorer and choosing Tools and then Folder Options.

On the View tab of the pop up box is where you would select the Show encrypted of compressed NTFS files in color checkbox to enable this feature.

If you copy an attribute set encrypted file to a FAT16 or a FAT32 partition or to a floppy disk, it will lose its encryption attribute.

Strangely enough, when you perform this same action under Windows 2000 you will not receive this message. You will simply be able to perform your action without the warning.

The overall rules for encryption are as follows (and they are different than compression):

  • When moving or copying a file within the same NTFS volume an encrypted file will not inherit the encryption state of the target folder when that folder is unencrypted. When you copy or move an encrypted file to an unencrypted folder, the file is still encrypted. If you have enabled a folder to encrypt files and you move or copy an unencrypted file to it, it will become encrypted at that point.
  • When copying or moving a file or folder from one NTFS volume to another an encrypted file will not inherit the encryption state of the target folder when that folder is unencrypted. When you copy or move an encrypted file to an unencrypted folder, the file is still encrypted. If you have enabled a folder to encrypt files and you move or copy an unencrypted file to it, across partitions, it will become encrypted at that point.
  • Moving or copying a file or folder to a FAT16 or FAT32 volume - Windows XP Professional supports attribute driven encryption only on the NTFS file system, so when you move or copy an encrypted NTFS file or folder to a FAT volume, (12, 16 or 32) the encryption attribute will be lost.
  • Moving or copying a compressed file or folder to a floppy disk or other removable media - Windows XP Professional supports attribute driven encryption only on the NTFS file system, so when you move or copy an encrypted NTFS file or folder to most types of removable media, the encryption attribute will be lost because most forms of removable media do not support the NTFS file system.

If you should remove encryption from the parent folder only, all the files and subfolders remain encrypted and any new files or folders moved, copied or created in the parent folder will be in an unencrypted state.

The unencrypted folders are shown in black text.

Well, that wraps up this section of Learn Windows XP Professional in 15 Minutes a Week. I hope you found it informative and will return for the next installment.

If you have any questions, comments or even constructive criticism, please feel free to drop me a note.

I want to write solid technical articles that appeal to a large range of readers and skill levels and I can only be sure of that through your feedback.

 

Until next time, best of luck in your studies and remember,



"For common sense to be truly common one would expect to see it more often"