EFS - Find out what's encrypted

7

1

For a few days now, when I start Windows Vista I get a popup from "Encrypting File System" (coming from the process efsui.exe) asking me to back up the certificate and key.

I don't know what I did to get this message (the last software I installed was Google Desktop).

Now I'm wondering which directories or files are encrypted with EFS. Is there a way to find out?

Thanks for your help.

gsharp

Posted 2009-09-08T17:03:16.353

Reputation: 1 126

Answers

8

You can try using this batch file:

@echo off
cls

:: Set the variables - Use Quotes "" if there are spaces in the source or log path
set log_path=C:\EFS_Find

:: Create the log folder if it does not exist yet, so the redirects below succeed
if not exist %log_path% mkdir %log_path%

:: Find Encrypted Files (note the colon after /s)
cipher /s:C:\ | findstr "^.E" >> %log_path%\found.txt && echo:Encrypted files found

:: Find Hidden Files
attrib /s C:\ 2>nul | findstr "^....H" >> %log_path%\found.txt && echo:Hidden files found

pause

This batch file will scan your C:\ drive for all EFS encrypted files (and also hidden files), echo on the screen every time it finds one, and record all instances of encrypted files found into C:\EFS_Find\found.txt.

For a command-line approach to finding just encrypted files, you can type at the command line:

cipher /s:C:\ | findstr "^.E" >> C:\efs_found.txt && echo:Encrypted files found

This will search your entire C:\ drive for encrypted files, and dump it into C:\efs_found.txt.

Modified from the solution found here.

To disable EFS on your Vista system, I refer you to the link here:

How to Disable or Enabled EFS Encryption in Vista

caliban

Posted 2009-09-08T17:03:16.353

Reputation: 18 979

The command listed here is incorrect (at least in Win7). It should be:

cipher /s:C:\ /h | findstr "^.E" >> C:\efs_found.txt && echo:"Encrypted files found"

Notice the colon after the /s. – None – 2012-07-15T12:04:06.413

3

gsharp is correct, the syntax to display all EFS encrypted files on drive C: is

cipher /s:c:\ |findstr "^E"

Pay attention to the pipe character, which is usually found on the \ key. The findstr command ^E looks for the E at the beginning of the line. Also pay attention that the /s has a colon after it and the drive letter, all with no spaces.

The downside is that only the filenames are returned; there is no directory structure provided.

chris

Posted 2009-09-08T17:03:16.353

Reputation: 31
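The downside noted in the answer above (file names without their directories) can be worked around by pairing each E line with the Listing header that precedes it. This is an added example, not part of the original thread; it assumes English-language cipher output laid out as in the constructed sample, and the script name efs_paths.py is hypothetical.

```python
"""Rebuild full paths of EFS-encrypted entries from `cipher /s:<dir>` output."""
import ntpath
import re
import sys

# Assumed English-language cipher layout: a " Listing <dir>" header per
# directory, then one "E <name>" (encrypted) or "U <name>" line per entry.
LISTING_RE = re.compile(r"^\s*Listing (.+?)\s*$")
ENTRY_RE = re.compile(r"^([EU]) (.+?)\s*$")

# Constructed sample output (not captured from a real system).
SAMPLE = r"""
 Listing C:\Users\demo\Documents\
 New files added to this directory will not be encrypted.

U notes.txt
E payroll.xlsx

 Listing C:\Users\demo\Documents\Unzipped\
 New files added to this directory will be encrypted.

E report.docx
U readme.txt
"""

def encrypted_paths(cipher_output):
    """Return full paths of entries flagged E, in the order cipher listed them."""
    current_dir = None
    found = []
    for line in cipher_output.splitlines():
        header = LISTING_RE.match(line)
        if header:
            current_dir = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if entry and entry.group(1) == "E":
            if current_dir is None:
                # An entry before any header means the layout assumption is wrong.
                raise ValueError("entry seen before a Listing header: %r" % line)
            found.append(ntpath.join(current_dir, entry.group(2)))
    return found

if __name__ == "__main__":
    # Usage on Windows: cipher /s:C:\ /h | python efs_paths.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    for path in encrypted_paths(text):
        print(path)
```

Run without piped input, the script prints the two encrypted paths from the constructed sample.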

0

For Win7 users: I just had the same problem (someone sent me a zip file prepared on a Mac that, for some reason, encrypted itself on decompression), and I started to get the EFS key backup prompt.

cipher /s:c:\ |findstr "^E"

and its variants returned no information.

However, I was able to find the encrypted directories with:

cipher /u

Frank Thomas

Posted 2009-09-08T17:03:16.353

Reputation: 29 039