NTFS Encryption Utility — windowssystem32cipher.exe
NTFS Encryption runs invisibly in the background, and is used to prevent unauthorized access to your data by other users on your system or network. Cipher, included only with Windows XP Professional, allows you to view or configure the automatic file encryption on NTFS drives from the command prompt. Most of the features of this tool can be more easily accessed by right-clicking on a file or folder, selecting Properties, clicking Advanced, and then turning on the "Encrypt contents to secure data" option.
If you run the NTFS Encryption Utility without any options, it will display the encryption settings for the current directory and all its contents. Otherwise, specify any of the following options:
cipher [/e|/d] [/s] [/a] [/i] [/f] [/q] [/h] [filename
] cipher [ /k | /r:efs_file
| /w:dir
| /u [/n]]
Option |
Description |
---|---|
|
Specifies a file, folder, or group of files (using wildcards; see Chapter 6). |
/e |
Encrypts the specified file(s) or marks the specified folder(s) such that any files added will be automatically encrypted. |
/d |
Decrypts the specified file(s); opposite of /e. |
/s |
Encrypts all subfolders of the specified folder(s). |
/a |
Operates on folders and all the files contained therein. |
/i |
Ignores errors. |
/f |
Forces encryption on already-encrypted files. |
/q |
Quiet mode; report only the most essential information. |
/h |
Includes files with hidden or system attributes set. |
/k |
Generates and displays a new file encryption key for the current user; not valid with any other options. |
/r: |
Generates an EFS (Encrypting File System) recovery agent key and certificate, then writes them to efs_file.pfx (containing the certificate and private key) and efs_file.cer file (containing only the certificate). |
/w: |
"Wipes" the drive containing
directory |
/u |
Updates all encrypted files on all local drives to ensure that your file encryption key or recovery agent key are current; not valid with any other options except /n. |
/n |
Lists encrypted files without modifying them; type
|