Compression and Other Attributes in EFS

Posted on January 7, 2009 by Daniel Petri in Security with 0 Comments

Can I encrypt compressed files or folders? Can I compress encrypted files or folders?

No. NTFS file compression and file encryption are mutually exclusive because of the way NTFS compression is performed. You can use only one of these options at a time on a file.

If the file is compressed and you try to encrypt it, then the check boxes will actually act as radio boxes (Stupid MS programmers! If they are in fact radio boxes why make them look like check boxes? Too much pizza?)

It’s either this

Or this…

Because encryption is an attribute, you must have write permission to encrypt a file or folder. But even if you have write permission, you cannot encrypt files or folders in the systemroot folder (for example, %systemroot%\Notepad.exe or %systemroot%\System32). You also cannot encrypt files or folders that have their system attribute set. If these types of files and folders could be encrypted, it might render the system useless. This is because many of these files are needed for the system to start up, and decryption keys are not available during the startup process to decrypt them. If you attempt to encrypt a file or folder in the systemroot folder or that has its system attributes set, the encryption attempt fails and an error message appears.

Try to encrypt Notepad.exe for example…

Click Ok…

and get this error…

Related articles

You might also want to read the following related articles: