Article ID: 814599 - View products that this article applies to.
Administrators can use Cipher.exe to encrypt and decrypt data on drives that use the NTFS file system and to view the encryption status of files and folders from a command prompt. The version of Cipher.exe that is included with Windows Server 2003 includes the ability to overwrite data that you have deleted so that it cannot be recovered or accessed.
When you delete files or folders, the data is not initially removed from the hard disk. Instead, the space on the disk that was occupied by the deleted data is "deallocated." After it is deallocated, the space is available for use when new data is written to the disk. Until the space is overwritten, you can recover the deleted data by using a low-level disk editor or data-recovery software.
When you encrypt plain text files, Encrypting File System (EFS) makes a backup copy of the file so that the data is not lost if an error occurs during the encryption process. After the encryption is complete, the backup copy is deleted. As with other deleted files, the data is not completely removed until it has been overwritten. The Windows Server 2003 version of the Cipher utility is designed to prevent unauthorized recovery of such data.
To overwrite deleted data on a volume by using Cipher.exe, use the /w switch with the cipher command:
For additional information about related topics, click the following article numbers to view the articles in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/298009/EN-US/ )Cipher.exe Security Tool for the Encrypting File System
(https://support.microsoft.com/kb/223316/ )Best Practices for the Encrypting File System
Article ID: 814599 - Last Review: September 11, 2011 - Revision: 8.0