How to identify files that have been encrypted with EFS?

  • Thread starter Daniel Peterson
  • Start date
D

Daniel Peterson

Hello,

How do I go about identifying files that my users have encrypted with EFS?

I'm going to disable it, but want to make sure that I can identify what
files are encrypted (through some command line means, I'm not going to look
through every folder in windows explorer).

Also, when I delete the default DRA that's in place, will any encrypted
files that I've missed suddenly become useless? Will the user be able to
decrypt them, but not encrypt them? Or can they still use them normally?
 
M

Miha Pihler [MVP]

Hi Daniel,

I am not sure about Windows 2000, but in Windows XP there is a tool called
"Cipher". If you run it as

cipher /s:c:\

it will list your files and their properties (encrypted or unencrypted).

If you remove DRA users will still be able to open the files as long as they
have their private keys. If they for some reason they lose their keys, there
will be no "backup keys" since you removed your DRA.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Is it possible to decrypt EFS files without backup certificate 33
How to stop Windows copying "encrypted" attribute with file? 2
Cannot get EFS recovery agent function to work! 6
Help with EFS 1
CA deleted - Can't decrypt files 3
How to recover encrypted files on an NTFS volume? 6
Re. Decryption in EFS 1
User vs. Basic EFS certificate 3

Top