
close
close
Security threats keep coming! Learn how to protect your organization.
How can I easily discover who’s the user that encrypted a file?
The Windows Explorer user interface (UI) shows which files are encrypted but not who encrypted them, causing a lot of confusion when trying to access specific files needed by other users. As an administrator, you could rectify the situation by decrypting the files. But wouldn’t you like to know the identity of the dastard that caused the trouble?
The Windows 2000 Resource Kit includes the tool Efsinfo.exe, which you can use to view information about the recovery agent accounts. You can use Efsinfo to verify what recovery accounts are current for an encrypted file.
To determine who the designated recovery agent is after installing the Windows 2000 Resource Kit:
Sample Output from Efsinfo
advertisment
EFSINFO /r /u Myfile.doc Myfile.doc: Encrypted Users who can decrypt: DOMAINNAME\Username (CN=User Name,L=EFS,OU=EFS File Encryption Certificate) Recovery Agents: DOMAINNAME\EFSRecover (OU=EFS File Encryption Certificate, L=EFS, CN=EFSRecover)
The output indicates that the Myfile.doc file was encrypted by domain user “Username” from domain “Domainname.” The “EFSRecover” account in domain “Domainname” is the designated EFS recovery agent for the file.
For example:
Note: Stand-alone Windows 2000 workstations and servers do not display the recovery agent information. The default recovery agent for all stand-alone computers is the local Administrator account.
You can download Efsinfo from the Download Free Windows 2000 Resource Kit Tools page.
You might also want to read the following related articles:
More in Security
Microsoft Defender for Individuals is Now Available on Desktop and Mobile
Jun 16, 2022 | Rabia Noureen
Why You Should Restrict Access to Office 365 Using Microsoft Conditional Access Policies
Jun 15, 2022 | Liam Cleary
Researchers Discover New Symbiote Linux Malware Targeting Financial Institutions
Jun 10, 2022 | Rabia Noureen
Most popular on petri