ulfben

Decrypt All EFS Files

May 13th, 2018
  1. #Requires -version 3.0
  2. # DecryptAllFilesandFoldersOnLogicalDisk_v3.ps1
  3. # Version 1.2
  4. # By Marco Janse, http://www.ictstuff.info/find-all-encrypted-files-and-folders-and-decrypt-them-using-powershell/
  5. # Patched by Ulf Benjaminsson:
  6.     # Fixed: log path was broken
  7.     # Fixed: log name is timestamped and sorteable
  8.     # Fixed: hidden files weren’t decrypted
  9.     # Fixed: some filenames could break the script
  10. # The script will log every step in a logfile in C:\Logs\ by default.
  11.  
  12. # START OF SCRIPT
  13. # Verify the existence of a Logs directory. If it doe not exist, create it.
  14. If (-not(Test-Path -Path "C:\Logs")){
  15.    New-Item -Path "C:\" -Name "Logs" -ItemType directory
  16. }
  17.  
  18. # Date and Time
  19. $today = Get-Date
  20. $filename = $('DecryptAllFiles ') + $today.ToString('yyyy-MM-dd HHmm') + $('.log');
  21. $logFile = $("C:\Logs\${filename}")
  22.  
  23. # Either: get all logical drives en put the output in a variable named $drive
  24. #$drive = Get-WmiObject Win32_logicaldisk | Select-Object -ExpandProperty deviceID
  25. # OR hardcode the drive you want to decrypt (good for running one script-per-disk in parallel)
  26. $drive = "D:\"
  27.  
  28. Add-Content $logFile "$today Found the following drives: $drive"
  29.  
  30. # Let the user know the current status of the script
  31. Write-Host "Scanning drives ${drive} for encrypted files, please be patient..."
  32.  
  33. # Create a variable named $encryptedfiles that contains all items on all logical drives with a 'encrypted' attribute set
  34. $encryptedfiles += foreach ($d in $drive) {
  35.     Get-ChildItem $d -File -Recurse -Force -ErrorAction SilentlyContinue |
  36.     Where-Object { $_.Attributes -match "Encrypted" } |
  37.     Select-Object -ExpandProperty FullName
  38. }
  39.  
  40. # Now log the amount of encrypted files and all the encrypted files with full path
  41. Write-Host "Found $($encryptedfiles.count) encrypted files:"
  42. Add-Content $logFile "$today Found $($encryptedfiles.count) encrypted files:"
  43. Add-Content $logFile ""
  44.  
  45. foreach ($file in $encryptedfiles){
  46.     Add-Content $logFile "$file"
  47. }
  48.  
  49. # Next we'll add some extra lines for easy reading the logfile
  50. Add-Content $logFile "==============================================="
  51. Add-Content $logFile "$today total $($encryptedfiles.count) encrypted files"
  52. Add-Content $logfile ""
  53.  
  54. # Now, we'll start decrypting every file in the $encryptedfiles variable
  55. Write-Host "Starting decryption of all found files, please be patient..."
  56.  
  57. foreach ($file in $encryptedfiles) {
  58.     try {
  59.         (Get-Item -Force -LiteralPath "${file}").Decrypt()
  60.         Add-Content $logFile "${file} decrypted"
  61.     }
  62.     catch [Exception]{
  63.         Add-Content $logFile "ERROR: Decrypting ${file} failed. Error message: $_.Exception.ToString()"
  64.     }  
  65. }
  66.  
  67. # Now we write a completed decrypting files status message to the logfile
  68. Add-Content $logfile ""
  69. Add-Content $logfile ""
  70. Add-Content $logFile "Finished decrypting files"
  71. Write-Host "Finished decrypting files"
  72.  
  73. # Next up, we want to remove the encrypted flag from all the folders as well
  74. # We'll start by inventorying the encrypted folders again
  75. Write-Host "Scanning all logical drives for encrypted folders, please be patient..."
  76.  
  77. $encryptedfolders += foreach ($d in $drive) {
  78.     Get-ChildItem $d -Directory -Recurse -Force -ErrorAction SilentlyContinue |
  79.     Where-Object { $_.Attributes -match "Encrypted" } |
  80.     Select-Object -ExpandProperty FullName
  81. }
  82.  
  83. # Log the amount of encrypted folders and all the encrypted folders with full pathname
  84. Write-Host "Found $($encryptedfolders.count) encrypted folders:"
  85. Add-Content $logFile "$today Found $($encryptedfolders.count) encrypted folders:"
  86. Add-Content $logFile ""
  87.  
  88. foreach ($folder in $encryptedfolders){
  89.     Add-Content $logFile "$folder"
  90. }
  91.  
  92. # Next we'll add some extra lines for easy reading the logfile
  93. Add-Content $logFile "==============================================="
  94. Add-Content $logFile "$today total $($encryptedfolders.count) encrypted folders"
  95. Add-Content $logfile ""
  96.  
  97. # Now, we'll start decrypting every folder in the $encryptedfolders variable using the cipher utility
  98. Write-Host "Starting decryption of all found folders, please be patient..."
  99.  
  100. foreach ($folder in $encryptedfolders) {
  101.     try{
  102.         cipher.exe /d /i $folder
  103.         Add-Content $logFile "$folder decrypted"
  104.     }catch [Exception]{
  105.         Add-Content $logFile "ERROR: Decrypting $folder failed. Error message: $_.Exception.ToString()"
  106.     }  
  107. }
  108.  
  109. # Finally, a closing message to the logfile
  110. Add-Content $logfile ""
  111. Add-Content $logfile ""
  112. Add-Content $logFile "Finished decrypting folders"
  113. Write-Host "Finished decrypting folders"
  114. Add-Content $logfile ""
  115. Add-Content $logfile ""
  116. Add-Content $logFile "===END of script==="
  117.  
  118. Write-Host "===End of script==="
  119.  
  120. # END of Script