How to identify files that have been encrypted with EFS?

Archived from groups: microsoft.public.win2000.security (More info?)

Hello,

How do I go about identifying files that my users have encrypted with EFS?

I'm going to disable it, but want to make sure that I can identify what
files are encrypted (through some command line means, I'm not going to look
through every folder in windows explorer).

Also, when I delete the default DRA that's in place, will any encrypted
files that I've missed suddenly become useless? Will the user be able to
decrypt them, but not encrypt them? Or can they still use them normally?
  1.

    Hi Daniel,

    I am not sure about Windows 2000, but in Windows XP there is a tool called
    "Cipher". If you run it as

    cipher /s:c:\

    it will list your files and their properties (encrypted or unencrypted).

    If you remove the DRA, users will still be able to open the files as long as
    they have their private keys. If for some reason they lose their keys, there
    will be no "backup keys" since you removed your DRA.

    --
    Mike
    Microsoft MVP - Windows Security

    "Daniel Peterson" <pythas@hotmail.com> wrote in message
    news:OL5DfdJCFHA.2568@TK2MSFTNGP11.phx.gbl...
    > Hello,
    >
    > How do I go about identifying files that my users have encrypted with EFS?
    >
    > I'm going to disable it, but want to make sure that I can identify what
    > files are encrypted (through some command line means, I'm not going to
    > look through every folder in windows explorer).
    >
    > Also, when I delete the default DRA that's in place, will any encrypted
    > files that I've missed suddenly become useless? Will the user be able to
    > decrypt them, but not encrypt them? Or can they still use them normally?
    >
  2.

    Daniel Peterson wrote:

    > How do I go about identifying files that my users have encrypted
    > with EFS?
    >
    > I'm going to disable it, but want to make sure that I can identify
    > what files are encrypted (through some command line means, I'm not
    > going to look through every folder in windows explorer).

    Hi

    Using a VBScript is an option:

    http://groups.google.co.uk/groups?selm=%23aWczwhTEHA.3332%40TK2MSFTNGP12.phx.gbl


    --
    torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
    Administration scripting examples and an ONLINE version of
    the 1328 page Scripting Guide:
    http://www.microsoft.com/technet/scriptcenter/default.mspx
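
Added example, not part of the original thread or written by its posters: a script-based inventory of EFS-encrypted files and folders, as an alternative to reading through `cipher /s:` output. It assumes Windows PowerShell 3.0 or later; the `$Root` and `$Report` values are placeholders.

```powershell
# Added example: inventory EFS-encrypted files and folders under a root path.
# Assumptions: Windows PowerShell 3.0+; $Root and $Report are placeholder paths.
param(
    [string]$Root   = 'C:\Users',
    [string]$Report = "$env:TEMP\efs-inventory.csv"
)

$denied = @()

# -Attributes Encrypted matches the NTFS "encrypted" attribute that EFS sets.
# -Force includes hidden and system items; unreadable paths are collected in
# $denied instead of stopping the scan.
$items = Get-ChildItem -LiteralPath $Root -Recurse -Force -Attributes Encrypted `
             -ErrorAction SilentlyContinue -ErrorVariable denied

$rows = @(foreach ($item in $items) {
    # The owner is only a hint for whom to contact; it is not necessarily the
    # user who encrypted the file. Reading the ACL can itself be denied.
    $owner = try {
        (Get-Acl -LiteralPath $item.FullName -ErrorAction Stop).Owner
    } catch {
        '<unreadable>'
    }

    [pscustomobject]@{
        Path      = $item.FullName
        # An encrypted folder means new files created in it get encrypted.
        Type      = if ($item.PSIsContainer) { 'Folder' } else { 'File' }
        Owner     = $owner
        SizeBytes = if ($item.PSIsContainer) { $null } else { $item.Length }
        LastWrite = $item.LastWriteTime
    }
})

$rows | Sort-Object Owner, Path | Export-Csv -LiteralPath $Report -NoTypeInformation

Write-Output ("Encrypted items found: {0} (report: {1})" -f $rows.Count, $Report)

# Paths that could not be read may still hold encrypted files; list them so
# they are checked before the DRA is removed.
if ($denied.Count -gt 0) {
    Write-Warning ("{0} path(s) could not be scanned:" -f $denied.Count)
    $denied | ForEach-Object { Write-Warning ("  " + $_.TargetObject) }
}
```

Run it from an account that can read the user profiles being scanned; anything listed under the warning was not inspected and is not covered by the report.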