topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Sunday November 10, 2024, 2:34 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Detect and list all files with windows encryption enabled  (Read 2859 times)

questorfla

  • Supporting Member
  • Joined in 2012
  • **
  • Posts: 570
  • Fighting Slime all the Time
    • View Profile
    • Donate to Member
This is part of a project that is gradually getting done that to the help for several nice DC Posters.  Due to problems that came up on during the project, I need to locate a method of recusively searching files for a specific property.  At first, I had thought the file length could be used and to that end came up with a simple one-liner which can scan for and make a list  of all zero length files.  Unfortunately, not all of them are zero length.  
The problem is (was) "Windows encryption" which had been used apparently at some point on many of the files which makes them impervious to overwriting by non encrypted versions of the same file whether it is newer or not.  
I have decided my only choice is to locate them all in advance, copy the encrypted versions to a new sub-folder which will then allow me to copy the unencrypted version into the vacated sub-folder.  This is important because the location of these files has to remain as it is but the encrypted ones have no keys (or if they do I doubt anyone would know where they are) which effectively makes them worthless.  I need to find them and move them out of the way to make room for copies of the same files and folders which are also on other disks in their unencrypted format.  
Some of these files showed zero length and I had hoped they would all be such.  Unfortunately this was not the case.
If it is of any use to someone here is my version for finding Zero length files and copying the names to a list.  I am not sure how to edit this to scan for windows encryption though.

Code: Text [Select]
  1. @echo off
  2.    for /r %%F in (*) do if %%~zF==0 echo “%%F” >> zerobytefiles.txt
This was written for use in a batch file and could be modified for direct entry by removing the extra %'s.
4WD  I expect you will knock this one out of the ballpark?
« Last Edit: May 20, 2015, 06:48 PM by questorfla »

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,644
    • View Profile
    • Donate to Member
Re: Detect and list all files with windows encryption enabled
« Reply #1 on: May 21, 2015, 03:53 AM »
cipher /U /N

/U   Tries to touch all the encrypted files on local drives. This will update user's file encryption key or recovery keys to the current ones if they are changed. This option does not work with other options except /N.

/N   This option only works with /U. This will prevent keys being updated. This is used to find all the encrypted files on the local drives.

Make sure you use the /N parameter.

See here too.
« Last Edit: May 21, 2015, 09:03 PM by 4wd »

questorfla

  • Supporting Member
  • Joined in 2012
  • **
  • Posts: 570
  • Fighting Slime all the Time
    • View Profile
    • Donate to Member
Re: Detect and list all files with windows encryption enabled
« Reply #2 on: May 28, 2015, 10:55 PM »
I SWEAR 4WD where in the heck do you find all this stuff.
I fully expected to get an "Invalid Command" when i typed that but ...It worked.
YU Da Man ..                   :Thmbsup:   ;) As usual.  I hope i can get it to run inside the same recursive scanner.

Thanks for that.  I had been trying out some useful (or not) utilities and after running one of them got a Little "chicken" about using things i could not verify how they worked before using them.

One of these did a great job of cleaning up the system hosting these files.  Including removing All the stored passwords in my browsers which , I admit, are not the most "secure" places to keep them but after a while i kind of forgot they were even there.  And now.. They ARE NOT there for real! Almost could not get back in here.

Anyway, the author gave me fair warning and the utility is 100% great stuff IF you heed the warnings.  Now if I can only find where I put the utility when i downloaded it :(.    It was called system cleanup or some such and has a thousand options of all kinds

I can now modify my recursive search script to find and remove both zero length files AND any encrypted ones.  I hope there is a way to get the command to differentiate between System encrypted and User encrypted. ( I think <hope?>it is a different algorithm )?

I would not want to " clean my clock " on any normal system files just get rid of old document files that can't be opened anyway.  They got encrypted with the early version of EFS on Server 2003 that makes the names look "green".  The keys for them are long gone and the files need to be gone too as no one can open them now. 

Anyway.  Request was Solved 100%



4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,644
    • View Profile
    • Donate to Member
Re: Detect and list all files with windows encryption enabled
« Reply #3 on: May 29, 2015, 01:53 AM »
cipher's also good for clearing data from unused blocks on hard drives, ie. make deleted stuff unrecoverable.