EFS, cipher /r missing, and other EFS Notes

-- 

Export / Backup / Generate Key / Update EFS certificate used on previously encrypted files

Run: rekeywiz - this brings up a GUI. Use it to export the key, and THEN re-encrypt all previously encrypted files to use that key (nice GUI). Somehow you can get multiple EFS certificates for your login (maybe when they expire or when the format changes to newer encryption standards, I'm not sure).

Reference: https://superuser.com/questions/957541/when-multiple-encrypting-file-system-certificates-are-installed-which-one-is-us

AVOID: Exporting the EFS key from the command line with cipher /x on Windows 10 (probably much earlier too). You get prompts, and it saves in the current folder (there is an option to specify a path).

 

See EFS Certificate in Use

Run: cipher /y - this shows the thumbprint of the currently used EFS certificate, which should match the cert selected in rekeywiz.
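
When several EFS certificates are installed, the thumbprint check above can be scripted. The PowerShell below is an added example, not part of the original note: it lists the certificates in the current user's store that carry the EFS enhanced key usage and marks the one cipher /y reports. It assumes cipher /y prints the thumbprint as ten groups of four hex digits; the -Thumbprint parameter is a fallback introduced for this example.

```powershell
# Added example: list EFS-capable certificates for the current user and
# mark the one that "cipher /y" reports as currently in use.
param(
    # Optional: paste the thumbprint shown by "cipher /y" (spaces are allowed).
    [string]$Thumbprint
)

$EfsOid = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System EKU

if (-not $Thumbprint) {
    # Assumption: the SHA-1 thumbprint appears as ten groups of four hex digits.
    $out = (& cipher.exe /y) -join ' '
    if ($out -match '((?:[0-9A-Fa-f]{4}\s+){9}[0-9A-Fa-f]{4})') {
        $Thumbprint = $Matches[1]
    }
}

# Normalise to the format used by the certificate provider (no spaces, upper case).
$current = ($Thumbprint -replace '\s', '').ToUpper()
if (-not $current) {
    Write-Warning 'No current EFS thumbprint found; pass -Thumbprint manually.'
}

$now = Get-Date

# Only certificates with an explicit EFS EKU are listed.
Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $EfsOid } |
    Sort-Object NotAfter |
    ForEach-Object {
        [pscustomobject]@{
            InUse         = ($_.Thumbprint -eq $current)
            Thumbprint    = $_.Thumbprint
            NotAfter      = $_.NotAfter
            Expired       = ($_.NotAfter -lt $now)
            HasPrivateKey = $_.HasPrivateKey   # needed to export or back up the key
            Subject       = $_.Subject
        }
    } | Format-Table -AutoSize
```

A row with InUse = True and Expired = True, or with HasPrivateKey = False, is the case to sort out in rekeywiz before relying on a backup of the key.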


tags: security, efs, cipher.exe, NTFS

 

---

Not sure what's going on...

The stupid domain recovery agent (DRA) EFS keys expired on the network I'm on right now (again).

This KB document specifies running "cipher /r", which doesn't seem to exist as a cipher option on the Windows 2000 Server (SBS) that is the domain controller here. Fortunately, it does exist on XP. Go figure.
http://support.microsoft.com/kb/929103

We use encryption for off-site backups... updating the EFS keys is not an annual task that was planned for this backup system. TrueCrypt is looking better every time I have to fiddle with this stupid EFS thing.
 



ID: 886
Author: leonard
Date Updated: 2021-07-16 17:59:25
Date Created: 2008-01-03 12:07:38
