Quickly Check Which User Encrypted a File
How can I easily discover who’s the user that encrypted a file?
The Windows Explorer user interface (UI) shows which files are encrypted but not who encrypted them, causing a lot of confusion when trying to access specific files needed by other users. As an administrator, you could rectify the situation by decrypting the files. But wouldn’t you like to know the identity of the dastard that caused the trouble?
The Windows 2000 Resource Kit includes the tool Efsinfo.exe, which you can use to view information about the recovery agent accounts. You can use Efsinfo to verify what recovery accounts are current for an encrypted file.
To determine who the designated recovery agent is after installing the Windows 2000 Resource Kit:
- Click Start, point to Programs, point to Accessories, and then click Command Prompt.
- Use the cd (change directory) command to change to the folder that contains the encrypted file.
- Type efsinfo /r /u filename, where filename is the name of the file you want to check. Or, leave the filename parameter off to report information for all the files in the current folder.
Sample Output from Efsinfo
EFSINFO /r /u Myfile.doc Myfile.doc: Encrypted Users who can decrypt: DOMAINNAME\Username (CN=User Name,L=EFS,OU=EFS File Encryption Certificate) Recovery Agents: DOMAINNAME\EFSRecover (OU=EFS File Encryption Certificate, L=EFS, CN=EFSRecover)
The output indicates that the Myfile.doc file was encrypted by domain user “Username” from domain “Domainname.” The “EFSRecover” account in domain “Domainname” is the designated EFS recovery agent for the file.
Note: Stand-alone Windows 2000 workstations and servers do not display the recovery agent information. The default recovery agent for all stand-alone computers is the local Administrator account.
You can download Efsinfo from the Download Free Windows 2000 Resource Kit Tools page.
You might also want to read the following related articles:
- Access Denied Error in EFS Encrypted Files
- Compression and Other Attributes in EFS
- Copy Encrypted Files on the Network
- Data Protection and Recovery in Windows XP
- Disable EFS in Windows 2000
- Disable EFS in Windows XP/2003
- How does EFS Work?
- New EFS Features in Windows XP
- Quickly Check EFS Attributes
- What’s EFS?
More in Security
Microsoft Defender for Endpoint Adds Tamper Protection on macOS
Aug 16, 2022 | Rabia Noureen
Microsoft Sentinel Now Lets IT Admins Detect Low and Slow Password Spray Attacks
Aug 15, 2022 | Rabia Noureen
Google Workspace Adds Stronger Protections to Sensitive Accounts
Aug 11, 2022 | Rabia Noureen
Slack Releases Fix for Critical Bug That Exposed Hashed Passwords for Years
Aug 8, 2022 | Rabia Noureen
Microsoft Defender Experts for Hunting Lets Businesses Proactively Hunt Security Threats
Aug 4, 2022 | Rabia Noureen
VMware Releases Updates to Address Critical Authentication Bypass Flaw
Aug 3, 2022 | Rabia Noureen
Most popular on petri