Is it possible to encrypt home folder on windows 7?

Ubuntu and MaxOS has an ability to encrypt home folder in case laptop is stolen. Is it possible to do same thing on Windows 7? I need to encrypt home folder so it will be encrypted and decrypted runtime using my password, so if laptop is stolen it is no way for a stealer to remove HDD and read / decrypt sensitive data.

If such thing is possible, what version of Windows 7 provides that functionality? Is "home premium" enough?


Solution 1:

TrueCrypt provides the ability to do a pre-boot system encryption. Maybe thats what you're looking for.

Solution 2:

I found this article on Microsoft.com, it was written for Vista, so should still work on 7.

  1. Right-click the folder or file you want to encrypt, and then click Properties.

  2. Click the General tab, and then click Advanced.

  3. Select the Encrypt contents to secure data check box, and then click OK.

Solution 3:

It is possible to encrypt the entire hard drive (including the home folder) using the BitLocker feature. This is only available in Windows 7 Ultimate.

If by 'home folder' you mean user's data folder (C:\Users\username), that can probably be done in other versions.

Solution 4:

As alternative solutions to TrueCrypt, consider EncFS, VeraCrypt, or NTFS Encryption.

Paid alternatives include Microsoft's BitLocker, McAfee, and Symantec.

Using NTFS Encryption

Windows implements NTFS and Encrypting File System as a built in solution. This can be as simple as:

  1. Right Clicking the folder
  2. Select the General Tab,
  3. Click the Advanced Button,
  4. Check the Encrypt Contents to Secure Data Check Box.

However, I am not the best advocate for this solution, as most scenarios I encounter require backing up user files to a USB drive our cloud storage--where the requirement is to ensure the files remain encrypted on the USB drive or Cloud Storage.

The EncFS Alternative:

This is kind of the "go-to" solution for multi-platform needs, (Windows, Linux, Apple, Android, etc).

For example, EncFS will allow you to synchronize encrypted files to your iPhone, Android Phone, Apple, Linux, Windows, DropBox, GoogleDrive, whatever--and the files will remain encrypted on each device--this is not an option with NTFS EFS Encryption.

Since files are individually encrypted with EncFS, and can be synchronized one at a time, a large "encrypted container," does not have to be re-copied every time one file is changed, as is the case with Veracrypt/TrueCrypt.

However, the down-side is that you will have to edit Windows Login Scripts to mount the EncFS folders as the User's "Documents" folder, etc. But, with NTFS EFS Encryption, this is not an issue and works auto-magically.

Not Using BitLocker or VeraCrypt:

Functionally, BitLocker is similar to VeraCrypt/TrueCrypt when it comes to whole drive encryption. And for the same reasons, neither really address the need to encrypt different users' home folders individually: an admin who is able to decrypt the entire drive will have access to their home folder AND yours as well.

Further, even if you use a separate encrypted drive partition, for each user's "home folder", Windows will not prompt you to decrypt that drive, or prompt you to, at login. Windows will wait until after the User Environment is loaded. -- That means you cannot really "redirect" home folders, (documents, photos, etc), to that encrypted partition reliably.

For those reasons, EncFS is useful for encrypting particular folders, and files.

But, BitLocker and VeraCrypt, (... and dreamily, dmcrypt/Luks with mainstream support for Windows ... Someday ... Soon(tm)) ...

If Choosing to Use VeraCrypt/TrueCrypt:

Obviously, utilizing TrueCrypt, in view of the Security Audit, etc, is not the best idea.

However, there are a /lot/ of startup replacements, of which, Veracrypt "seems" like the most stable ... for now, *cough.

If you insist on using the old TrueCrypt, and you download it from third party sites. You can attempt to validate you have the original copy by:

  1. Downloading TrueCrypt's Public Key from their website.
  2. Searching for the original 7.1a download and signature.
  3. Verifying the digital signature of the downloaded file, like https://www.torproject.org/docs/verifying-signatures.html.en.
  4. Or Trusting a third party signature/key like, https://defuse.ca/truecrypt-7.1a-hashes.htm .

It is absolutely not the best practice to use unmaintained security tools, when valid alternatives exist. From TrueCrypt's Website: "Using TrueCrypt is not secure as it may contain unfixed security issues".