Security Basics mailing list archives

Re: Finding EFS Encrypted Files on a volume


From: ryallp () hotmail com
Date: 4 Apr 2006 14:50:46 -0000

If you are going to lose the ability for them to decrypt their files, then you need to decrypt them beforehand anyway 
to be safe. So just run CIPHER /S /D over the entire disk while using an account that has the EFS recovery agent 
certificate in its store.

Afterwards, let everyone know that if they want to keep encrypted files, they need to re-encrypt them now. There is no 
other way, as for the files to be encrypted with their EFS cert, they have to do it. Or you have to visit each file 
individually to add them as alternate EFS users. That workload is big.

You could create an encrypted folder in each person's home dir and set its attributes to encrypt and they can just drag 
files in there afterwards to encrypt. That way you'll know in future where any encrypted files should be.

Also you will only lose the decryption ability if the accounts are recreated. If you are upgrading an AD in place and 
retaining the user database, you'll be ok. Just remember to back up your EFS recovery cert and no matter what happens, 
you'll be covered.
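
An inventory pass that could be run before the bulk decrypt described above, so there is a record of where encrypted files were and whom to notify afterwards. This is an added example, not part of the original post; the `$Root` and `$Report` values are assumptions, and the file owner is used only as an approximation of the user who encrypted the file.

```powershell
# Added example: list EFS-encrypted files and folders under a root before decrypting.
# $Root and $Report are assumed values; adjust for the volume being checked.
param(
    [string]$Root   = 'D:\',
    [string]$Report = '.\efs-inventory.csv'
)

# -Attributes Encrypted matches items with the NTFS "encrypted" attribute set.
# Access-denied errors are collected so unreadable directories are not silently skipped.
$scanErrors = @()
$items = Get-ChildItem -LiteralPath $Root -Recurse -Force -Attributes Encrypted `
             -ErrorAction SilentlyContinue -ErrorVariable +scanErrors

$inventory = foreach ($item in $items) {
    # Owner is an approximation: EFS keys belong to the encrypting user,
    # who is usually, but not always, the NTFS owner of the file.
    $owner = try {
        (Get-Acl -LiteralPath $item.FullName -ErrorAction Stop).Owner
    } catch {
        '<unreadable>'
    }

    [pscustomobject]@{
        Path          = $item.FullName
        IsFolder      = $item.PSIsContainer
        Owner         = $owner
        LastWriteTime = $item.LastWriteTime
    }
}

# Full list for the record, written before anything is decrypted.
$inventory | Export-Csv -Path $Report -NoTypeInformation

# Per-owner counts: the people to tell that they need to re-encrypt.
$inventory | Group-Object -Property Owner |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Count, Name

# Paths that could not be scanned may still contain encrypted files.
if ($scanErrors.Count -gt 0) {
    Write-Warning ("{0} path(s) could not be read; rerun with an account that can traverse them." -f $scanErrors.Count)
    $scanErrors | ForEach-Object { $_.TargetObject } | Sort-Object -Unique
}
```

Run it from an elevated session so that as few directories as possible end up in the unreadable list.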
