The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Using EFS and Cipher.exe to automate adding local users to encrypted files

    Discussion in 'Windows OS and Software' started by RCB, Jul 30, 2013.

  1. RCB

    RCB Notebook Deity

    Reputations:
    644
    Messages:
    1,065
    Likes Received:
    103
    Trophy Points:
    81
    Recently I started using EFS (Encrypting File System) along with Bitlocker on W7 64 SP1 Ultimate.

    What I'd like to do is add a (User) certificate from another local account to multiple files at once (instead of one at a time).

    I've tried this and various others: cipher /adduser /certfile:"user name" /s:"X:\location path" /b /h *.*

    Each time the help is thrown up and it won't process the command. There are no examples of syntax on the internet to begin to figure this out.


    Any help/tips?
     
  2. RCB

    Over-Sensitive little monster.

    But hey, it does work. Turns out placement of the /S: switch was causing problems. Maybe it's just the help docs. I don't know.

    This I do know works, examples (no worries it's a fake hash):

    Adds User to all files in the encrypted folder (note CERTHASH begin/end spaces),
    CIPHER /ADDUSER /CERTHASH:" 9f 7d 42 fg c4 9d 9g 84 6f 36 1g f6 f3 c5 47 30 64 75 1a h4 " /B /H "Drive:\LocationPath\*.*"

    Same thing as above w/o CERTHASH spaces (no quotes needed)
    CIPHER /ADDUSER /CERTHASH:9f7d42fgc49d9g846f361gf6f3c5473064751ah4 /B /H "Drive:\LocationPath\*.*"

    Specify encrypted files including within subfolders to add user to (note, no ending \ backslash after location path),
    CIPHER /ADDUSER /CERTHASH:9f7d42fgc49d9g846f361gf6f3c5473064751ah4 /B /H /S:"Drive:\LocationPath" "*.txt"

    Pretty cool not to manually have to add my admin user account to my standard account EFS files, over a hundred files - bullet dodge - whew.

    Still can't get /CERTFILE: spec to accept anything that I could possibly see to use.
     
  3. RCB

    UPDATE:

    Ok, I was able to use the /CERTFILE: spec by exporting the certificate for the Administrator account (in Trusted People) from Standard account using certmgr.msc then export.

    I then included the saved file as the FileName part per the spec: Cipher

    and it successfully adds the user to the encrypted file.

    Now that I can do this I need to ask if someone could tell me how to access the Certificate Manager directly in a path so as to avoid having to export the needed certificate first before it can be used?
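
Added example, not part of the original thread and not RCB's code: one way to skip the export step is to read the certificate from the Trusted People store through PowerShell's Cert: drive and pass its thumbprint to the /CERTHASH form shown in post 2. The subject text, folder and file pattern are placeholder assumptions, and the script is meant to run from the account that owns the encrypted files.

```powershell
# Added example. $SubjectMatch, $Root and $Pattern are placeholder values.
param(
    [string]$SubjectMatch = 'Administrator',    # text expected in the certificate subject
    [string]$Root         = 'X:\LocationPath',  # encrypted folder, no trailing backslash
    [string]$Pattern      = '*.txt'
)

$efsOid  = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System enhanced key usage
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

# Read the current user's Trusted People store directly; no export to a file.
$candidates = @(Get-ChildItem Cert:\CurrentUser\TrustedPeople | Where-Object {
    $cert  = $_
    $isEfs = $false
    foreach ($ext in $cert.Extensions) {
        if ($ext -is $ekuType) {
            foreach ($usage in $ext.EnhancedKeyUsages) {
                if ($usage.Value -eq $efsOid) { $isEfs = $true }
            }
        }
    }
    # Keep only unexpired EFS certificates whose subject matches the intended account.
    $isEfs -and ($cert.Subject -like "*$SubjectMatch*") -and ($cert.NotAfter -gt (Get-Date))
})

# Adding a certificate lets its owner decrypt the files, so refuse to guess.
if ($candidates.Count -ne 1) {
    throw "Expected exactly one EFS certificate matching '$SubjectMatch', found $($candidates.Count)."
}

# The thumbprint is the SHA-1 hash that /CERTHASH expects: 40 hex digits, no spaces.
$thumb = $candidates[0].Thumbprint -replace '[^0-9A-Fa-f]', ''
if ($thumb.Length -ne 40) { throw "Unexpected thumbprint length: $($thumb.Length)" }

Write-Host "Adding $($candidates[0].Subject) [$thumb] to $Pattern under $Root"

# Same switch order as the working command from post 2.
& cipher.exe /ADDUSER "/CERTHASH:$thumb" /B /H "/S:$Root" $Pattern

# Treat a non-zero exit code as a failure and stop.
if ($LASTEXITCODE -ne 0) { throw "cipher.exe exited with code $LASTEXITCODE" }
```

Compare the printed subject and thumbprint with what certmgr.msc shows for the intended account before relying on the result.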