How-To

How To Automate Microsoft EFS Encryption for Windows 7 XP or Vista

A few days ago I needed to create a script which would encrypt folders for my end users at work.  I wrote the code below then threw it into a login script which would then run as my users logged onto their systems.  The purpose of the encryption is to protect sensitive company data stored on desktops and laptops.  Although the process worked for me, I recommend you test it thoroughly before deploying!

The code below is a simple process which does a few things:

  1. Encrypts all data in the logged in users “My Documents” folder.
  2. Encrypts all data in the logged in users “Outlook” folder. This is the default location Outlook 2000 and Outlook 2003 stores .pst and .ost files.
  3. Pipes all output from the script into a file for later collection. The file can be located under the logged in user’s “My documents”. The file will be called %computername%.efs.

Windows XP

REM @echo off
REM EFS MyDoc & Outlook EFS Encryption Script Version 1.1
REM https://www.groovypost.com
REM
REM Script Created by MrGroove (groovyPost.com)
REM
REM This program is free software; not to be redistributed
REM without permission of groovyPost.com
REM
echo ***** >> "%userprofile%\my documents\%computername%.efs"
REM EFS Encryption Script Version 1.1
REM ======================================================
REM First, let's create a file to store all the work were doing and for history
echo ****** >> "%userprofile%\my documents\%computername%.efs"
echo ****** >> "%userprofile%\my documents\%computername%.efs"
REM ======================================================
echo %date% %time% >> "%userprofile%\My documents\%computername%.efs"
REM ===================================================
REM Now were going to update all files to ensure no files are encrypted with old keys
cipher /u >> "%userprofile%\My documents\%computername%.efs"
REM ===================================================
REM Begin encryption of the "My Documents" folder
cipher /a /e /h /i /q /s:"%userprofile%\My Documents" >> "%userprofile%\My documents\%computername%.efs"
REM ======================================================
REM Begin encrption of the "Outlook" folder where the OST and PST files are stored
cipher /a /e /h /i /q /s:"%userprofile%\Local Settings\Application Data\Microsoft\Outlook" >> "%userprofile%\My documents\%computername%.efs"
REM ==================================================
REM More House Keeping
echo %date% %time% >> "%userprofile%\My documents\%computername%.efs"
echo ****** >> "%userprofile%\My documents\%computername%.efs"
echo ****** >> "%userprofile%\My documents\%computername%.efs"
REM ==================================================
REM ==================================================
REM All Done!

Windows 7

REM @echo off
REM EFS MyDoc & Outlook EFS Encryption Script Version 1.1
REM https://www.groovypost.com
REM
REM Script Created by MrGroove (groovyPost.com)
REM
REM This program is free software; not to be redistributed
REM without permission of groovyPost.com
REM
echo ***** >> "%userprofile%\documents\%computername%.efs"
REM EFS Encryption Script Version 1.1
REM ======================================================
REM First, let's create a file to store all the work were doing and for history
echo ****** >> "%userprofile%\documents\%computername%.efs"
echo ****** >> "%userprofile%\documents\%computername%.efs"
REM ======================================================
echo %date% %time% >> "%userprofile%\documents\%computername%.efs"
REM ===================================================
REM Now were going to update all files to ensure no files are encrypted with old keys
cipher /u >> "%userprofile%\documents\%computername%.efs"
REM ===================================================
REM Begin encryption of the "Documents" folder
cipher /a /e /h /i /q /s:"%userprofile%\Documents" >> "%userprofile%\documents\%computername%.efs"
REM ======================================================
REM Begin encrption of the "Outlook" folder where the OST and PST files are stored
cipher /a /e /h /i /q /s:"%userprofile%\Local Settings\Application Data\Microsoft\Outlook" >> "%userprofile%\documents\%computername%.efs"
REM ==================================================
REM More House Keeping
echo %date% %time% >> "%userprofile%\documents\%computername%.efs"
echo ****** >> "%userprofile%\documents\%computername%.efs"
echo ****** >> "%userprofile%\documents\%computername%.efs"
REM ==================================================
REM ==================================================
REM All Done!

8 Comments

8 Comments

  1. Jim C  

    I get a script error, invalid character line 1 / 6. Can one just copy and paste this script or do you need to delete some of the characters?

  2. Quequi  

    Script with Corrections

    @echo off
    REM EFS Encryption Script Version 1.0

    REM ======================================================
    REM First, let?s create a file to store all the work were doing.
    echo ?????? >> “%userprofile%\My documents\%computername%.efs”
    echo ?????? >> “%userprofile%\My documents\%computername%.efs”
    REM ======================================================
    echo %date% %time% >> “%userprofile%\My documents\%computername%.efs”
    REM ===================================================
    cipher /u >> “%userprofile%\My documents\%computername%.efs”
    REM ===================================================
    REM Begin encryption of the ?my document? folder
    cipher /a /e /h /i /q /s:”%userprofile%\My Documents” >> “%userprofile%\My documents\%computername%.efs”
    REM ======================================================
    REM Begin encrption of the ?Outlook? folder where the OST and PST files are stored
    cipher /a /e /h /i /q /s:”%userprofile%\Local Settings\Application Data\Microsoft\Outlook” >> “%userprofile%\My documents\%computername%.efs”
    REM ==================================================
    REM More House Keeping
    echo %date% %time% >> “%userprofile%\My documents\%computername%.efs”
    echo ??????? >> “%userprofile%\My documents\%computername%.efs”
    echo ??????? >> “%userprofile%\My documents\%computername%.efs”
    REM ==================================================
    REM ==================================================
    REM All Done!

    • @Quequi, Hey there! I appreciate your feedback and notifying me that the page was messed up. Not sure how or when it happend but all my ” had become ? and all my \ had been removed. WordPress or Live Writer must have done something funky and I didn’t even know it!

      Thanks for the re-write and notification and…. If you feel up to the task to build another script for Windows 7 and Windows Vista, let me know or post it in the forum. 😉

  3. Mike  

    It seems wordpress has messed up your code again. There are a ton of ????????’s scattered through out it.

  4. Terrific summary, this is very similar to a site that I have. Please check it out sometime and feel free to leave me a comenet on it and tell me what you think. Im always looking for feedback.

  5. WordPress screwed up the code again…. fixed

Leave a Reply

Your email address will not be published. Required fields are marked *

 

To Top