Top Nav

How To Automate Microsoft EFS Encryption for Windows 7 XP or Vista

A few days ago I needed to create a script which would encrypt folders for my end users at work.  I wrote the code below then threw it into a login script which would then run as my users logged onto their systems.  The purpose of the encryption is to protect sensitive company data stored on desktops and laptops.  Although the process worked for me, I recommend you test it thoroughly before deploying!

The code below is a simple process which does a few things:

  1. Encrypts all data in the logged in users “My Documents” folder.
  2. Encrypts all data in the logged in users “Outlook” folder. This is the default location Outlook 2000 and Outlook 2003 stores .pst and .ost files.
  3. Pipes all output from the script into a file for later collection. The file can be located under the logged in user’s “My documents”. The file will be called %computername%.efs.

Windows XP

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 
REM @echo off REM EFS MyDoc & Outlook EFS Encryption Script Version 1.1 REM http://www.groovyPost.com REM REM Script Created by MrGroove (groovyPost.com) REM REM This program is free software; not to be redistributed REM without permission of groovyPost.com REM echo ***** >> "%userprofile%\my documents\%computername%.efs" REM EFS Encryption Script Version 1.1 REM ====================================================== REM First, let's create a file to store all the work were doing and for history echo ****** >> "%userprofile%\my documents\%computername%.efs" echo ****** >> "%userprofile%\my documents\%computername%.efs" REM ====================================================== echo %date% %time% >> "%userprofile%\My documents\%computername%.efs" REM =================================================== REM Now were going to update all files to ensure no files are encrypted with old keys cipher /u >> "%userprofile%\My documents\%computername%.efs" REM =================================================== REM Begin encryption of the "My Documents" folder cipher /a /e /h /i /q /s:"%userprofile%\My Documents" >> "%userprofile%\My documents\%computername%.efs" REM ====================================================== REM Begin encrption of the "Outlook" folder where the OST and PST files are stored cipher /a /e /h /i /q /s:"%userprofile%\Local Settings\Application Data\Microsoft\Outlook" >> "%userprofile%\My documents\%computername%.efs" REM ================================================== REM More House Keeping echo %date% %time% >> "%userprofile%\My documents\%computername%.efs" echo ****** >> "%userprofile%\My documents\%computername%.efs" echo ****** >> "%userprofile%\My documents\%computername%.efs" REM ================================================== REM ================================================== REM All Done!

 

Windows 7

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 
REM @echo off REM EFS MyDoc & Outlook EFS Encryption Script Version 1.1 REM http://www.groovyPost.com REM REM Script Created by MrGroove (groovyPost.com) REM REM This program is free software; not to be redistributed REM without permission of groovyPost.com REM echo ***** >> "%userprofile%\documents\%computername%.efs" REM EFS Encryption Script Version 1.1 REM ====================================================== REM First, let's create a file to store all the work were doing and for history echo ****** >> "%userprofile%\documents\%computername%.efs" echo ****** >> "%userprofile%\documents\%computername%.efs" REM ====================================================== echo %date% %time% >> "%userprofile%\documents\%computername%.efs" REM =================================================== REM Now were going to update all files to ensure no files are encrypted with old keys cipher /u >> "%userprofile%\documents\%computername%.efs" REM =================================================== REM Begin encryption of the "Documents" folder cipher /a /e /h /i /q /s:"%userprofile%\Documents" >> "%userprofile%\documents\%computername%.efs" REM ====================================================== REM Begin encrption of the "Outlook" folder where the OST and PST files are stored cipher /a /e /h /i /q /s:"%userprofile%\Local Settings\Application Data\Microsoft\Outlook" >> "%userprofile%\documents\%computername%.efs" REM ================================================== REM More House Keeping echo %date% %time% >> "%userprofile%\documents\%computername%.efs" echo ****** >> "%userprofile%\documents\%computername%.efs" echo ****** >> "%userprofile%\documents\%computername%.efs" REM ================================================== REM ================================================== REM All Done!

More Reading:

, , , , , ,

8 Responses to How To Automate Microsoft EFS Encryption for Windows 7 XP or Vista

  1. Jim C March 12, 2008 at 9:51 am #

    I get a script error, invalid character line 1 / 6. Can one just copy and paste this script or do you need to delete some of the characters?

  2. Quequi May 19, 2009 at 6:07 am #

    Script with Corrections

    @echo off
    REM EFS Encryption Script Version 1.0

    REM ======================================================
    REM First, let?s create a file to store all the work were doing.
    echo ?????? >> “%userprofile%\My documents\%computername%.efs”
    echo ?????? >> “%userprofile%\My documents\%computername%.efs”
    REM ======================================================
    echo %date% %time% >> “%userprofile%\My documents\%computername%.efs”
    REM ===================================================
    cipher /u >> “%userprofile%\My documents\%computername%.efs”
    REM ===================================================
    REM Begin encryption of the ?my document? folder
    cipher /a /e /h /i /q /s:”%userprofile%\My Documents” >> “%userprofile%\My documents\%computername%.efs”
    REM ======================================================
    REM Begin encrption of the ?Outlook? folder where the OST and PST files are stored
    cipher /a /e /h /i /q /s:”%userprofile%\Local Settings\Application Data\Microsoft\Outlook” >> “%userprofile%\My documents\%computername%.efs”
    REM ==================================================
    REM More House Keeping
    echo %date% %time% >> “%userprofile%\My documents\%computername%.efs”
    echo ??????? >> “%userprofile%\My documents\%computername%.efs”
    echo ??????? >> “%userprofile%\My documents\%computername%.efs”
    REM ==================================================
    REM ==================================================
    REM All Done!

    • MrGroove May 19, 2009 at 3:23 pm #

      @Quequi, Hey there! I appreciate your feedback and notifying me that the page was messed up. Not sure how or when it happend but all my ” had become ? and all my \ had been removed. WordPress or Live Writer must have done something funky and I didn’t even know it!

      Thanks for the re-write and notification and…. If you feel up to the task to build another script for Windows 7 and Windows Vista, let me know or post it in the forum. 😉

  3. Mike September 1, 2009 at 1:47 pm #

    It seems wordpress has messed up your code again. There are a ton of ????????’s scattered through out it.

    • MrGroove September 2, 2009 at 8:50 am #

      @Mike,
      Super.. Thnx for the fyi.

  4. Emile Krupp February 7, 2011 at 3:23 pm #

    Terrific summary, this is very similar to a site that I have. Please check it out sometime and feel free to leave me a comenet on it and tell me what you think. Im always looking for feedback.

  5. MrGroove August 12, 2011 at 5:02 am #

    WordPress screwed up the code again…. fixed

Leave a Reply