Using Efsinfo.exe to Determine Information About Encrypted Files

ID: Q243026

The information in this article applies to:

Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server

SUMMARY

This article describes how to use the Efsinfo.exe utility from the Windows 2000 Resource Kit. You can use Efsinfo to determine who the designated Encrypting File System (EFS) recovery agent is for an encrypted file, and to determine who originally encrypted the file.

MORE INFORMATION

Using Efsinfo

To determine who the designated recovery agent is after installing the Windows 2000 Resource Kit:

Click Start, point to Programs, point to Accessories, and then click Command Prompt.

Use the cd (change directory) command to change to the folder that contains the encrypted file.

Type efsinfo /r /u filename, where filename is the name of the file you want to check. Or, leave the filename parameter off to report information for all the files in the current folder.

Sample Output from Efsinfo


EFSINFO /r /u Myfile.doc

Myfile.doc: Encrypted
  Users who can decrypt:
    DOMAINNAME\Username (CN=User Name,L=EFS,OU=EFS File Encryption Certificate)
  Recovery Agents:
    DOMAINNAME\EFSRecover (OU=EFS File Encryption Certificate, L=EFS, CN=EFSRecover)

The output indicates that the Myfile.doc file was encrypted by domain user "Username" from domain "Domainname." The "EFSRecover" account in domain "Domainname" is the designated EFS recovery agent for the file.

NOTE: Stand-alone Windows 2000 workstations and servers do not display the recovery agent information. The default recovery agent for all stand-alone computers is the local Administrator account.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

Q223316 Best Practices for Encrypting File System

Additional query words:

Keywords : kbtool
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbinfo