![首頁 Logo Keith ]p !!](/themes/mytheme/logo.png){kind=logo}
最後更新: 2023-09-26
目錄
Notes
If the parent directory is not encrypted, an encrypted file could become decrypted when it is modified.
=> Therefore, when you encrypt a file, you should also encrypt the parent directory.
An administrator can add the contents of a .cer file to the EFS recovery policy
to create the recovery agent for users, and then import the .pfx file to recover individual files.
查看 Default 的 EFS 加密 Certificate
查看預設的 EFS certificate 的 thumbprint
cipher /y
EFS certificate thumbprint for computer TIM-PC: 0944 ...
查看加密狀況
# Encrypted ; Unencrypted
i.e.
cipher # 當前位置
cipher "D:\EFS"
Listing D:\ New files added to this directory will not be encrypted. E EFS
cipher "D:\EFS\*"
Listing D:\EFS\ New files added to this directory will be encrypted. E test.txt
列出所有加密了的檔案
# "/u" Tries to touch all the encrypted files on local drives
# "/n" This option only works with /U. This will prevent keys being updated.
# This is used to find all the encrypted files on the local drives.
cipher /u /n
查看查 File
# /C Displays information on the encrypted file.
i.e.
cipher /c %userprofile%\Desktop\mount\mount_nas.bat
Listing C:\Users\tim\Desktop\mount\
New files added to this directory will be encrypted.
E mount_nas.bat
Compatibility Level:
Windows XP/Server 2003
Users who can decrypt:
TIM-PC\tim [tim(tim@DESKTOP-V9DB8DI)]
Certificate thumbprint: E9D1 ..
No recovery certificate found.
Key Information:
Algorithm: AES
Key Length: 256
Key Entropy: 256
加密一整個目錄
ie.
# /b Abort if an error is encountered.
# By default, CIPHER continues executing even if errors are encountered.
# "/s:" Folder & Subfolder
cipher /e /s:"D:\EFS" /b
Notes
Converting files from plaintext to ciphertext may leave sections of old
plaintext on the disk volume(s). It is recommended to use command
CIPHER /W:directory to clean up the disk after all converting is done.
解密一整個目錄
# "/d" Decrypts the specified files or directories
cipher /d /s:d:/encrypted_folder
Backup Certificate & Key
CIPHER /X[:efsfile] [filename]
i.e.
cipher /x "%UserProfile%\Desktop\EFSCertKeyBak"
Please type in the password to protect your .PFX file: Please retype the password to confirm: EFS certificate(s) is(are) backed up successfully.
