How-To

How To Automate Microsoft EFS Encryption for Windows 7 XP or Vista

Updated

A few days ago, I needed to create a script that would encrypt folders for my end-users at work. I wrote the code below and then threw it into a login script, which would then run as my users logged onto their systems. The purpose of encryption is to protect sensitive company data stored on desktops and laptops. Although the process worked for me, I recommend you test it thoroughly before deploying!

The code below is a simple process that does a few things:

  1. Encrypts all data in the logged-in user’s “My Documents” folder.
  2. Encrypts all data in the logged-in user’s “Outlook” folder. This is the default location of Outlook 2000 and Outlook 2003 store .ost and .pst files.
  3. Pipes all output from the script into a file for later collection. The file can be located under the logged-in user’s “My documents.” The file will be called %computername%.efs.

Windows XP

REM @echo off
REM EFS MyDoc & Outlook EFS Encryption Script Version 1.1
REM https://www.groovypost.com
REM
REM Script Created by MrGroove (groovyPost.com)
REM
REM This program is free software; not to be redistributed
REM without permission of groovyPost.com
REM
echo ***** >> "%userprofile%\my documents\%computername%.efs"
REM EFS Encryption Script Version 1.1
REM ======================================================
REM First, let's create a file to store all the work were doing and for history
echo ****** >> "%userprofile%\my documents\%computername%.efs"
echo ****** >> "%userprofile%\my documents\%computername%.efs"
REM ======================================================
echo %date% %time% >> "%userprofile%\My documents\%computername%.efs"
REM ===================================================
REM Now were going to update all files to ensure no files are encrypted with old keys
cipher /u >> "%userprofile%\My documents\%computername%.efs"
REM ===================================================
REM Begin encryption of the "My Documents" folder
cipher /a /e /h /i /q /s:"%userprofile%\My Documents"
>> "%userprofile%\My documents\%computername%.efs"
REM ======================================================
REM Begin encrption of the "Outlook" folder where the OST and PST files are stored
cipher /a /e /h /i /q /s:"%userprofile%\Local Settings\Application Data\Microsoft\Outlook" 
>> "%userprofile%\My documents\%computername%.efs"
REM ==================================================
REM More House Keeping
echo %date% %time% >> "%userprofile%\My documents\%computername%.efs"
echo ****** >> "%userprofile%\My documents\%computername%.efs"
echo ****** >> "%userprofile%\My documents\%computername%.efs"
REM ==================================================
REM ==================================================
REM All Done!

Windows 7

REM @echo off
REM EFS MyDoc & Outlook EFS Encryption Script Version 1.1
REM https://www.groovypost.com
REM
REM Script Created by MrGroove (groovyPost.com)
REM
REM This program is free software; not to be redistributed
REM without permission of groovyPost.com
REM
echo ***** >> "%userprofile%\documents\%computername%.efs"
REM EFS Encryption Script Version 1.1
REM ======================================================
REM First, let's create a file to store all the work were doing and for history
echo ****** >> "%userprofile%\documents\%computername%.efs"
echo ****** >> "%userprofile%\documents\%computername%.efs"
REM ======================================================
echo %date% %time% >> "%userprofile%\documents\%computername%.efs"
REM ===================================================
REM Now were going to update all files to ensure no files are encrypted with old keys
cipher /u >> "%userprofile%\documents\%computername%.efs"
REM ===================================================
REM Begin encryption of the "Documents" folder
cipher /a /e /h /i /q /s:"%userprofile%\Documents" >> 
"%userprofile%\documents\%computername%.efs"
REM ======================================================
REM Begin encrption of the "Outlook" folder where the OST and PST files are stored
cipher /a /e /h /i /q /s:"%userprofile%\Local Settings\Application Data\Microsoft\Outlook" >> 
"%userprofile%\documents\%computername%.efs"
REM ==================================================
REM More House Keeping
echo %date% %time% >> "%userprofile%\documents\%computername%.efs"
echo ****** >> "%userprofile%\documents\%computername%.efs"
echo ****** >> "%userprofile%\documents\%computername%.efs"
REM ==================================================
REM ==================================================
REM All Done!
8 Comments

8 Comments

  1. Jim C

    March 12, 2008 at 9:51 am

    I get a script error, invalid character line 1 / 6. Can one just copy and paste this script or do you need to delete some of the characters?

    • MrGroove

      August 12, 2011 at 5:03 am

      Should be fixed now.

  2. Quequi

    May 19, 2009 at 6:07 am

    Script with Corrections

    @echo off
    REM EFS Encryption Script Version 1.0

    REM ======================================================
    REM First, let?s create a file to store all the work were doing.
    echo ?????? >> “%userprofile%\My documents\%computername%.efs”
    echo ?????? >> “%userprofile%\My documents\%computername%.efs”
    REM ======================================================
    echo %date% %time% >> “%userprofile%\My documents\%computername%.efs”
    REM ===================================================
    cipher /u >> “%userprofile%\My documents\%computername%.efs”
    REM ===================================================
    REM Begin encryption of the ?my document? folder
    cipher /a /e /h /i /q /s:”%userprofile%\My Documents” >> “%userprofile%\My documents\%computername%.efs”
    REM ======================================================
    REM Begin encrption of the ?Outlook? folder where the OST and PST files are stored
    cipher /a /e /h /i /q /s:”%userprofile%\Local Settings\Application Data\Microsoft\Outlook” >> “%userprofile%\My documents\%computername%.efs”
    REM ==================================================
    REM More House Keeping
    echo %date% %time% >> “%userprofile%\My documents\%computername%.efs”
    echo ??????? >> “%userprofile%\My documents\%computername%.efs”
    echo ??????? >> “%userprofile%\My documents\%computername%.efs”
    REM ==================================================
    REM ==================================================
    REM All Done!

    • MrGroove

      May 19, 2009 at 3:23 pm

      @Quequi, Hey there! I appreciate your feedback and notifying me that the page was messed up. Not sure how or when it happend but all my ” had become ? and all my \ had been removed. Wordpress or Live Writer must have done something funky and I didn’t even know it!

      Thanks for the re-write and notification and…. If you feel up to the task to build another script for Windows 7 and Windows Vista, let me know or post it in the forum. ;)

  3. Mike

    September 1, 2009 at 1:47 pm

    It seems wordpress has messed up your code again. There are a ton of ????????’s scattered through out it.

    • MrGroove

      September 2, 2009 at 8:50 am

      @Mike,
      Super.. Thnx for the fyi.

  4. Emile Krupp

    February 7, 2011 at 3:23 pm

    Terrific summary, this is very similar to a site that I have. Please check it out sometime and feel free to leave me a comenet on it and tell me what you think. Im always looking for feedback.

  5. MrGroove

    August 12, 2011 at 5:02 am

    Wordpress screwed up the code again…. fixed

Related Items:, , , , , , ,

Recommended for you

To Top