Windows EFS encryption but (somehow) with password?

administrator windows user-accounts encryption efs

I imported the EFS certificate into my default user account to regain access.

It's not enough to import just the certificate, you have to import the corresponding private key as well. Make sure that you've selected "Export private key" and received a .pfx (or .p12) file, not just a .cer or .crt file.

Your certmgr.msc should show "You have a private key" after importing.

Note that EFS supports encrypting the same file with multiple users' certificates at once. The "guardian" user can add your certificate to some files either through the Properties dialog, or through cipher /adduser, and then you'll become able to read the files using your own keypair.

When trying to export/import the certificate I saw an option like "Very secure — promt for password when opening", just it didn't work

These options will not work for EFS, because the certificates are accessed by the filesystem driver, which is unable to prompt for confirmation. Only regular apps which use certificates for authentication or encryption (e.g. browsers) can make use of these security prompts.

And possibly in an easier way than I described, e.g. like transferring access to another (administrator?) user of mine which subsequently requires other users to enter a password to open if that's possible way to go?

You could do this by launching the specific application – text editor or file manager – as the guardian user, while still being logged in to your main account. This can be done using runas (or the "Run as different user" option that appears after Shift+rightclick).

For example, if you use runas /user:guardian notepad and input the password, then that Notepad instance will be able to access the protected files but the rest of your desktop will not.

enter image description here

This method works with EFS, but it doesn't strictly require EFS – as long as your main account is not an Administrator, you can just rely on the file permissions denying you access.

Downside: Some programs cannot be started with runas, e.g. the Windows Explorer file manager (use a third-party one instead, such as Total Commander) or modern UWP applications.

Or anything else, please? If not Windows-native, then at least available from the File Explorer context menu?

Most file archivers, such as WinRAR or 7-zip, support archiving files through the context menu and encrypting them using AES.

is there a way to prevent unauthorized users from deleting files? I mean I know related permissions can be set in the Windows file properties, but afterwards it only took me (using my default user without read access) to "take ownership" of the file again

Don't make your main account an administrator. Only administrators are allowed to take ownership of objects. (Removing yourself from the admin group should be mostly painless thanks to UAC.)

If you start with the assumption that an unauthorized user has system administrator rights, you will not go far at all. Administrator rights allow destroying data in many different ways.

Related

Eclipse Intellisense?
Using a socks proxy with git for the http transport
How to troubleshoot sudden text input failure?
Do I need an separate EFI partition for each OS sharing a common disk?
Yellow and gray blend with white on a remote monitor connected with a HDMI-VGA adapter
Chart.js canvas resize
How to start a service automatically when Arch Linux boots?
Excel INDIRECT function and conditional formatting - highlighting a row
How do I shrink the partition of an img file made from dd?
How to solve the "Bootmgr is missing" problem on Windows 7 machine?
External antennas of same router on different floors
Disabled all services in msconfig - login no longer working