This article was previously published under Q243026
This article describes how to use the Efsinfo.exe utility from the Windows 2000 Resource Kit. You can use Efsinfo to determine who the designated Encrypting File System (EFS) recovery agent is for an encrypted file, and to determine who originally encrypted the file.
/u displays encryption information about the files and folders in the current folder. This is the default option. If you run Efsinfo without switches the same output is generated.
/r displays Recovery agent information.
/c displays certificate thumbnail information.
/i continues to perform the specified operation even after errors have occurred. By default, Efsinfo stops when an error is encountered.
/y displays the current EFS certificate thumbnail on the local computer. The files that are specified might not be on this computer. If no items are returned, there are no encrypted files on the computer.
/s:dir performs the specified operation on folders in the given folder and all subfolders.
pathname[...] specifies the path of one or more files or folders to display encryption information for.
/? displays command-line Help.
To determine who the designated recovery agent is after installing the Windows 2000 Resource Kit:
Click Start, point to Programs, point to Accessories, and then click Command Prompt.
Use the cd (change directory) command to change to the folder that contains the encrypted file.
Type efsinfo /r /u filename, where filename is the name of the file you want to check. Or, leave the filename parameter off to report information for all the files in the current folder.
You must have the proper thumbprint in order to decrypt a file.
The output indicates that the New Text Document.txt file was encrypted by domain user "administrator" from domain "MHUNTERDOMAIN." The "administrator" account in domain "MHUNTERDOMAIN" is the designated EFS recovery agent for the file.
NOTE: Stand-alone Windows 2000 workstations and servers do not display the recovery agent information. The default recovery agent for all stand-alone computers is the local Administrator account.
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
223316 Best practices for the Encrypting File System