How to remove Encrypted flag when copying a file from a HDD to a USB drive?

Environment: Windows 7, but applies to other EFS-compatible Windows versions

I have a file that is encrypted using standard Windows EFS encryption. When I copy that file to a USB drive using Total Commander or Explorer, the file stays encrypted at the destination.

Such encrypted file is inaccessible on any other Windows PC where my USB drive gets plugged in. I could import my personal certificates on that PC, but that's about the last thing I would like to do.

I would like the copying process automatically decrypt my file when the file is copied to a removable drive. Is there a way to tell Windows to do that?

A brute-force way to decrypt the file on-the-fly would be to switch to FAT as a file system on my USB drive, but I don't want to do that either.

Thanks in advance for any hints!

vladimir

Posted 2010-09-13T14:59:48.110

Reputation: 101

True, using FAT (or exFAT) on the USB drive is a bit crude, but it appears to be the only truly automatic approach currently available. – RomanSt – 2014-04-17T15:22:00.713

Answers

RichCopy is a Free utility which can remove encryption on the fly while copying files and folders between NTFS formatted drives. (No need of FAT32 partition to decrypt)
To access the setting, first Check 'Advanced' from 'View' menu. Then go to 'Copy Options' > Default > File attributes, Error Handling > File atttibutes to remove > Encrypted
It is available at http://technet.microsoft.com/en-us/magazine/2009.04.utilityspotlight.aspx

Milano

Posted 2010-09-13T14:59:48.110

Reputation: 31

This tool seems to work exactly as advertised - great find! – Jonas Heidelberg – 2015-01-08T10:03:38.720

No need of FAT32 partition to decrypt - not entirely true, Windows 10 leaves this attribute checked when copying to FAT32 volumes, leaving the file practically unreadable. https://answers.microsoft.com/en-us/windows/forum/windows_10-files/windows-10-corrupts-files-without-warning-on-sd-cf/e2913a4a-201c-4646-a1b2-661e47419b80 – jazzcat – 2017-02-14T10:27:52.747

Perhaps with a batch file you could do something like that :

solution 1

Create a mycopy.cmd file (in your PATH or in your "user profile directory") with the two lines :

COPY %1 %2
CIPHER /D %2

With the Windows+R keys open the execute dialog en type:

mycopy file-to-be-copied target-directory

solution 2

If the target directory is always the same you could simplify the file mycopy.cmd file as this

COPY %1 target-directory
CIPHER /D  target-directory

Putting the file in your SendTo directory (%userprofile%\AppData\Roaming\Microsoft\Windows\SendTo) will provide you a new option mycopy.cmd when you make a right clic on a file (in the send to sub menu)

CmPi

Posted 2010-09-13T14:59:48.110

Reputation: 166

Just remember that CIPHER /D can take a long time. Especially for big files, like a 1.5gb movie. Especially on a USB drive – jazzcat – 2017-02-14T10:23:20.763

The thing that worked for me best, using Windows Command Prompt, is below (and the link where it is described). I had to use this because I had a complex folder structure and lots of files deep in the hierarchy that were encrypted, so it was not feasible to do it one at a time manually.

Encrypt/decrypt folders (recursively in Windows) https://www.windows-commandline.com/cipher-command-line-encryption-utility/

Encrypt recursively

cipher  /A  /E / S:directoryname

Decrypt recursively

cipher  /A  /D / S:directoryname

Sabin

Posted 2010-09-13T14:59:48.110

Reputation: 1

When copying an encrypted file to a destination that supports EFS, Windows will always carry over the encryption flag, i.e. encrypt the copied file (source: Win API). When creating a new file, Windows will use the encryption setting of the folder to determine whether or not to encrypt the file.

Try the following:

After copying, open the properties of the destination folder.
Enable encryption for it but do not choose to encrypt child objects.
Apply changes
Disable encryption for the folder and this time choose to decrypt all child objects.

That should do the trick.

Another option is to copy the data to an interim location that does not support encryption (such as a FAT volume), then move it to its destination.

Either way the process may be lengthy, but the only way to decrypt a file on the fly during copying would be to code your own copy utility, bypassing the CopyFile() API call but instead reading the source file and creating an identical file at the destination.

user149408

Posted 2010-09-13T14:59:48.110

Reputation: 778

Addition to the answer from CmPi:

If you have already copied your folder (e.g. RootFolder) and it is encrypted, you can recursively decrypt all the files and sub-folders with the /s option:

cipher /d /s:RootFolder

Note that you can do it from any PC as long as you exported the certificate and key used to encrypt the files and you imported them from the different PC. Check this link for info on how to transfer EFS certificates: http://windows.microsoft.com/en-us/windows-vista/share-encrypted-files

Rusty Gear

Posted 2010-09-13T14:59:48.110

Reputation: 21

-2

To decrypt the file when its copied to your USB media, disable encryption on the USB media. It can still use NTFS (which is what I assume you're using).

BillP3rd

Posted 2010-09-13T14:59:48.110

Reputation: 5 353

Yes, I use NTFS. Can the EFS encryption really be disabled on per-drive basis? What would be the way to do it? I haven't been able to find any. And btw, the destination folder is not set to have encrypted content (through Properties). – vladimir – 2010-09-14T06:50:21.697

You're correct. I was thinking of the option that get's checked when a partition is formatted that enables file encryption for the drive. It implies that it can also be disabled (or, more accurately, not enabled). What you can do is copy from the encrypted drive/folder to a folder on the USB media that has the encryption flag cleared. This will cause the files to be decrypted on the fly. – BillP3rd – 2010-09-15T01:52:52.457

3Copying from an encrypted HDD folder to a USB drive folder that does not have the encryption flag set is exactly the case I'm having the issue with. That does not work, the file gets copied to the USB drive's folder without being decrypted. – vladimir – 2010-09-15T11:46:34.037