Cipher.exe is a command-line tool (included with Windows
2000) that you can use to manage encrypted data by using the Encrypting File
System (EFS). As of June 2001, Microsoft has developed an improved version of
the Cipher.exe tool that provides the ability to permanently overwrite (or
"wipe") all of the deleted data on a hard disk. This feature improves security
by ensuring that even an attacker who gained complete physical control of a
Windows 2000 computer would be unable to recover previously-deleted
data.
IMPORTANT: Please note the following important information:
| • | You must install Cipher.exe by using the installer package
instead of copying the new version of Cipher.exe to your computer. The tool
relies on additional NTFS functionality that is added as part of the
installation process. If you only copy the Cipher.exe file to your computer and
then run it, you could destroy data on the drive. |
| • | You must close all programs before you start
Cipher.exe. |
| • | Cipher.exe is not a cure-all that makes it safe to store
sensitive data in a plain-text format. Although you can use this tool to remove
sensitive data from a drive, if best practices are followed, such data would
not normally be created on the drive. For additional information about these best practices,
click the following article number to view the article in the Microsoft
Knowledge Base: 223316 (http://support.microsoft.com/kb/223316/EN-US/)
Best Practices for the Encrypting File System
|
For additional
information about the latest service pack for Windows 2000, click the article
number below to view the article in the Microsoft Knowledge Base:
260910 (http://support.microsoft.com/kb/260910/EN-US/) How to Obtain the Latest Windows 2000 Service Pack
Back to the top
How to Obtain Cipher.exe
Cipher.exe is available in Windows 2000 Service Pack 3 or later
or the Windows 2000 Security Rollup Package 1 (SRP1) or individually via the
links below.
For additional information on SRP1, click the article number
below to view the article in the Microsoft Knowledge Base:
311401 (http://support.microsoft.com/kb/311401/EN-US/) Windows 2000 Security Rollup Package 1 (SRP1), January 2002
Q298009_W2K_SP3_x86_en.exe contains the following
files:
Date Time Version Size Filename
------------------------------------------------------
May-30-2001 16:25 5.0.2195.3653 36,112 Cipher.exe
May-26-2001 07:48 5.0.2195.3649 512,272 Ntfs.sys
Back to the top
How to Use Cipher.exe
To overwrite the deallocated data:
| 1. | Quit all programs. |
| 2. | Click Start, click Run, and type cmd, and then press
ENTER. |
| 3. | Type cipher
/w:'folder', and then press
ENTER, where folder is optional and can be any
folder in a local volume that you want to clean. For example, the
cipher /w:c:\test command causes the deallocated space
on drive C: to be overwritten. If c:\test is a mount point or points to a
folder in another volume, deallocated space on that volume will be cleaned.
|
For more information about EFS, please see the following
Microsoft Web site:
Back to the top
Help and Support
