Article ID: 243026 - View products that this article applies to.
This article was previously published under Q243026
This article describes how to use the Efsinfo.exe utility from the Windows 2000 Resource Kit. You can use Efsinfo to determine who the designated Encrypting File System (EFS) recovery agent is for an encrypted file, and to determine who originally encrypted the file.
efsinfo [/u] [/r] [/c] [/i] [/y] [/s:dir] [pathname[...]] [/?]
Using EfsinfoTo determine who the designated recovery agent is after installing the Windows 2000 Resource Kit:
Sample Output from Efsinfo
C:\Encrypt3>efsinfo /r /c /u C:\Encrypt3\New Text Document.txt: New Text Document.txt: Encrypted Users who can decrypt: MHUNTERDOMAIN\administrator (CN=administrator,L=EFS,OU=EFS File Encryption Certificate) Certificate thumbprint: A85D 0DC1 BB76 7450 C7AE 479C F6E8 F7FD A2BF 72B4 Recovery Agents: MHUNTERDOMAIN\administrator (OU=EFS File Encryption Certificate, L=EFS, CN=administrator) Certificate thumbprint: 8BE0 F03F 530E AC91 B72F CB18 7735 350E 9129 2458
You must have the proper thumbprint in order to decrypt a file.
The output indicates that the New Text Document.txt file was encrypted by domain user "administrator" from domain "MHUNTERDOMAIN." The "administrator" account in domain "MHUNTERDOMAIN" is the designated EFS recovery agent for the file.
NOTE: Stand-alone Windows 2000 workstations and servers do not display the recovery agent information. The default recovery agent for all stand-alone computers is the local Administrator account.
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/223316/ )Best practices for the Encrypting File System
Article ID: 243026 - Last Review: March 1, 2007 - Revision: 4.2