Windows – EFS – Find out what’s encrypted


Since a few days when I start Windows Vista i get a Popup from "Encrypting File System" (coming from process efsui.exe) asking me to backup the certificate and key.

I don't know what i did to get this message (The last SW i did install was google desktop).

Now i'm wondering what directories or file are encrypted with EFS.
Is there a way to found out?

Thanks for your help.

Best Answer

  • You can trying using this batch file :

    @echo off
    :: Set the varibles - Use Quotes "" if there are spaces in the source or log path
    set log_path=C:\EFS_Find
    :: Find Encrypted Files
    cipher /s C:\ | findstr "^.E" >> %log_path%\found.txt && echo:Encrypted files found"
    :: Find Hidden Files
    attrib /s C:\ 2>nul | findstr "^....H" >> %log_path%\found.txt && echo:Hidden files found"  

    This batch file will scan your C:\ drive for all EFS encrypted files (and also hidden files), echo on the screen every time it finds one, and record all instances of encrypted files found into C:\EFS_Find\found.txt.

    For a command-line approach to finding just encrypted files, you can type in the command-line :

    cipher /s:C:\ | findstr "^.E" >> C:\efs_found.txt && echo:Encrypted files found"

    This will search your entire C:\ drive for encrypted files, and dump it into C:\efs_found.txt.

    Modified from the solution found here.

    To disable EFS on your Vista system, I refer you to the link here :

    How to Disable or Enabled EFS Encryption in Vista