Unsolved Windows 10 and Windows Server 2008 R2 Encrypted EFS Files on Network Share

scottalanmiller

We have a customer who has a Windows Server 2008 R2 file server. They access the files from Windows 10. They used EFS encryption file by file, within folders, from both the workstation and the server. Now they have a server full of files that the server cannot read or decrypt. We've decrypted the files that the server had encrypted, that's done.

From the Windows 10 workstation, we can mount the remote share and go one by one and decrypt files. But there are thousands and they are not in encrypted directories. So the GUI doesn't give any way to just decrypt everything.

I can use command line tools like Cipher to list the encrypted files from the server. But commands like this don't seem to work on a network share. So we need to run a command from the Windows 10 workstation that will go file by file on the server share and decrypt anything encrypted.

Anyone have any idea how to do this? If Cipher has a syntax to specify a network share, that seems like it would do it. I just can't find that documented anywhere.

pmoncho

@scottalanmiller said in Windows 10 and Windows Server 2008 R2 Encrypted EFS Files on Network Share:

We have a customer who has a Windows Server 2008 R2 file server. They access the files from Windows 10. They used EFS encryption file by file, within folders, from both the workstation and the server. Now they have a server full of files that the server cannot read or decrypt. We've decrypted the files that the server had encrypted, that's done.

From the Windows 10 workstation, we can mount the remote share and go one by one and decrypt files. But there are thousands and they are not in encrypted directories. So the GUI doesn't give any way to just decrypt everything.

I can use command line tools like Cipher to list the encrypted files from the server. But commands like this don't seem to work on a network share. So we need to run a command from the Windows 10 workstation that will go file by file on the server share and decrypt anything encrypted.

Anyone have any idea how to do this? If Cipher has a syntax to specify a network share, that seems like it would do it. I just can't find that documented anywhere.

Just a popup idea - I have not used Cipher but will it work if you assign the share a drive letter?

dbeato

Yeah, not in my experience. You will need to do it one by one. EFS sucks plain and simple... you only can accomplish the files to be opened over a share if the user has the EFS Certificate in the server that host it and you have logged into it as well in it. It is a mess.

scottalanmiller

@pmoncho said in Windows 10 and Windows Server 2008 R2 Encrypted EFS Files on Network Share:

Just a popup idea - I have not used Cipher but will it work if you assign the share a drive letter?

They claim not, local only. Supposedly.

scottalanmiller

We "kind of" got it resolved, just manually.

black3dynamite

Within PowerShell can't use something like Push-Location \\Server\Share\path or Set-Location \\Server\Share\path and then run the cipher command?