Decrypt All EFS Files

1. #Requires -version 3.0
2. # DecryptAllFilesandFoldersOnLogicalDisk_v3.ps1
3. # Version 1.2
4. # By Marco Janse, http://www.ictstuff.info/find-all-encrypted-files-and-folders-and-decrypt-them-using-powershell/
5. # Patched by Ulf Benjaminsson:
6.     # Fixed: log path was broken
7.     # Fixed: log name is timestamped and sorteable
8.     # Fixed: hidden files weren’t decrypted
9.     # Fixed: some filenames could break the script
10. # The script will log every step in a logfile in C:\Logs\ by default.
11.  
12. # START OF SCRIPT
13. # Verify the existence of a Logs directory. If it doe not exist, create it.
14. If (-not(Test-Path -Path "C:\Logs")){
15.    New-Item -Path "C:\" -Name "Logs" -ItemType directory
16. }
17.  
18. # Date and Time
19. $today = Get-Date
20. $filename = $('DecryptAllFiles ') + $today.ToString('yyyy-MM-dd HHmm') + $('.log');
21. $logFile = $("C:\Logs\${filename}")
22.  
23. # Either: get all logical drives en put the output in a variable named $drive
24. #$drive = Get-WmiObject Win32_logicaldisk | Select-Object -ExpandProperty deviceID
25. # OR hardcode the drive you want to decrypt (good for running one script-per-disk in parallel)
26. $drive = "D:\"
27.  
28. Add-Content $logFile "$today Found the following drives: $drive"
29.  
30. # Let the user know the current status of the script
31. Write-Host "Scanning drives ${drive} for encrypted files, please be patient..."
32.  
33. # Create a variable named $encryptedfiles that contains all items on all logical drives with a 'encrypted' attribute set
34. $encryptedfiles += foreach ($d in $drive) {
35.     Get-ChildItem $d -File -Recurse -Force -ErrorAction SilentlyContinue |
36.     Where-Object { $_.Attributes -match "Encrypted" } |
37.     Select-Object -ExpandProperty FullName
38. }
39.  
40. # Now log the amount of encrypted files and all the encrypted files with full path
41. Write-Host "Found $($encryptedfiles.count) encrypted files:"
42. Add-Content $logFile "$today Found $($encryptedfiles.count) encrypted files:"
43. Add-Content $logFile ""
44.  
45. foreach ($file in $encryptedfiles){
46.     Add-Content $logFile "$file"
47. }
48.  
49. # Next we'll add some extra lines for easy reading the logfile
50. Add-Content $logFile "==============================================="
51. Add-Content $logFile "$today total $($encryptedfiles.count) encrypted files"
52. Add-Content $logfile ""
53.  
54. # Now, we'll start decrypting every file in the $encryptedfiles variable
55. Write-Host "Starting decryption of all found files, please be patient..."
56.  
57. foreach ($file in $encryptedfiles) {
58.     try {
59.         (Get-Item -Force -LiteralPath "${file}").Decrypt()
60.         Add-Content $logFile "${file} decrypted"
61.     }
62.     catch [Exception]{
63.         Add-Content $logFile "ERROR: Decrypting ${file} failed. Error message: $_.Exception.ToString()"
64.     }  
65. }
66.  
67. # Now we write a completed decrypting files status message to the logfile
68. Add-Content $logfile ""
69. Add-Content $logfile ""
70. Add-Content $logFile "Finished decrypting files"
71. Write-Host "Finished decrypting files"
72.  
73. # Next up, we want to remove the encrypted flag from all the folders as well
74. # We'll start by inventorying the encrypted folders again
75. Write-Host "Scanning all logical drives for encrypted folders, please be patient..."
76.  
77. $encryptedfolders += foreach ($d in $drive) {
78.     Get-ChildItem $d -Directory -Recurse -Force -ErrorAction SilentlyContinue |
79.     Where-Object { $_.Attributes -match "Encrypted" } |
80.     Select-Object -ExpandProperty FullName
81. }
82.  
83. # Log the amount of encrypted folders and all the encrypted folders with full pathname
84. Write-Host "Found $($encryptedfolders.count) encrypted folders:"
85. Add-Content $logFile "$today Found $($encryptedfolders.count) encrypted folders:"
86. Add-Content $logFile ""
87.  
88. foreach ($folder in $encryptedfolders){
89.     Add-Content $logFile "$folder"
90. }
91.  
92. # Next we'll add some extra lines for easy reading the logfile
93. Add-Content $logFile "==============================================="
94. Add-Content $logFile "$today total $($encryptedfolders.count) encrypted folders"
95. Add-Content $logfile ""
96.  
97. # Now, we'll start decrypting every folder in the $encryptedfolders variable using the cipher utility
98. Write-Host "Starting decryption of all found folders, please be patient..."
99.  
100. foreach ($folder in $encryptedfolders) {
101.     try{
102.         cipher.exe /d /i $folder
103.         Add-Content $logFile "$folder decrypted"
104.     }catch [Exception]{
105.         Add-Content $logFile "ERROR: Decrypting $folder failed. Error message: $_.Exception.ToString()"
106.     }  
107. }
108.  
109. # Finally, a closing message to the logfile
110. Add-Content $logfile ""
111. Add-Content $logfile ""
112. Add-Content $logFile "Finished decrypting folders"
113. Write-Host "Finished decrypting folders"
114. Add-Content $logfile ""
115. Add-Content $logfile ""
116. Add-Content $logFile "===END of script==="
117.  
118. Write-Host "===End of script==="
119.  
120. # END of Script