
Decrypt All EFS Files

ulfben May 13th, 2018 (edited) 226 Never
  1. #Requires -version 3.0
  2. # DecryptAllFilesandFoldersOnLogicalDisk_v3.ps1
  3. # Version 1.2
  4. # By Marco Janse, http://www.ictstuff.info/find-all-encrypted-files-and-folders-and-decrypt-them-using-powershell/
  5. # Patched by Ulf Benjaminsson:
  6.     # Fixed: log path was broken
  7.     # Fixed: log name is timestamped and sorteable
  8.     # Fixed: hidden files weren’t decrypted
  9.     # Fixed: some filenames could break the script
  10. # The script will log every step in a logfile in C:\Logs\ by default.
  11.  
  12. # START OF SCRIPT
  13. # Verify the existence of a Logs directory. If it doe not exist, create it.
  14. If (-not(Test-Path -Path "C:\Logs")){
  15.    New-Item -Path "C:\" -Name "Logs" -ItemType directory
  16. }
  17.  
  18. # Date and Time
  19. $today = Get-Date
  20. $filename = $('DecryptAllFiles ') + $today.ToString('yyyy-MM-dd HHmm') + $('.log');
  21. $logFile = $("C:\Logs\${filename}")
  22.  
  23. # Either: get all logical drives en put the output in a variable named $drive
  24. #$drive = Get-WmiObject Win32_logicaldisk | Select-Object -ExpandProperty deviceID
  25. # OR hardcode the drive you want to decrypt (good for running one script-per-disk in parallel)
  26. $drive = "D:\"
  27.  
  28. Add-Content $logFile "$today Found the following drives: $drive"
  29.  
  30. # Let the user know the current status of the script
  31. Write-Host "Scanning drives ${drive} for encrypted files, please be patient..."
  32.  
  33. # Create a variable named $encryptedfiles that contains all items on all logical drives with a 'encrypted' attribute set
  34. $encryptedfiles += foreach ($d in $drive) {
  35.     Get-ChildItem $d -File -Recurse -Force -ErrorAction SilentlyContinue |
  36.     Where-Object { $_.Attributes -match "Encrypted" } |
  37.     Select-Object -ExpandProperty FullName
  38. }
  39.  
  40. # Now log the amount of encrypted files and all the encrypted files with full path
  41. Write-Host "Found $($encryptedfiles.count) encrypted files:"
  42. Add-Content $logFile "$today Found $($encryptedfiles.count) encrypted files:"
  43. Add-Content $logFile ""
  44.  
  45. foreach ($file in $encryptedfiles){
  46.     Add-Content $logFile "$file"
  47. }
  48.  
  49. # Next we'll add some extra lines for easy reading the logfile
  50. Add-Content $logFile "==============================================="
  51. Add-Content $logFile "$today total $($encryptedfiles.count) encrypted files"
  52. Add-Content $logfile ""
  53.  
  54. # Now, we'll start decrypting every file in the $encryptedfiles variable
  55. Write-Host "Starting decryption of all found files, please be patient..."
  56.  
  57. foreach ($file in $encryptedfiles) {
  58.     try {
  59.         (Get-Item -Force -LiteralPath "${file}").Decrypt()
  60.         Add-Content $logFile "${file} decrypted"
  61.     }
  62.     catch [Exception]{
  63.         Add-Content $logFile "ERROR: Decrypting ${file} failed. Error message: $_.Exception.ToString()"
  64.     }  
  65. }
  66.  
  67. # Now we write a completed decrypting files status message to the logfile
  68. Add-Content $logfile ""
  69. Add-Content $logfile ""
  70. Add-Content $logFile "Finished decrypting files"
  71. Write-Host "Finished decrypting files"
  72.  
  73. # Next up, we want to remove the encrypted flag from all the folders as well
  74. # We'll start by inventorying the encrypted folders again
  75. Write-Host "Scanning all logical drives for encrypted folders, please be patient..."
  76.  
  77. $encryptedfolders += foreach ($d in $drive) {
  78.     Get-ChildItem $d -Directory -Recurse -Force -ErrorAction SilentlyContinue |
  79.     Where-Object { $_.Attributes -match "Encrypted" } |
  80.     Select-Object -ExpandProperty FullName
  81. }
  82.  
  83. # Log the amount of encrypted folders and all the encrypted folders with full pathname
  84. Write-Host "Found $($encryptedfolders.count) encrypted folders:"
  85. Add-Content $logFile "$today Found $($encryptedfolders.count) encrypted folders:"
  86. Add-Content $logFile ""
  87.  
  88. foreach ($folder in $encryptedfolders){
  89.     Add-Content $logFile "$folder"
  90. }
  91.  
  92. # Next we'll add some extra lines for easy reading the logfile
  93. Add-Content $logFile "==============================================="
  94. Add-Content $logFile "$today total $($encryptedfolders.count) encrypted folders"
  95. Add-Content $logfile ""
  96.  
  97. # Now, we'll start decrypting every folder in the $encryptedfolders variable using the cipher utility
  98. Write-Host "Starting decryption of all found folders, please be patient..."
  99.  
  100. foreach ($folder in $encryptedfolders) {
  101.     try{
  102.         cipher.exe /d /i $folder
  103.         Add-Content $logFile "$folder decrypted"
  104.     }catch [Exception]{
  105.         Add-Content $logFile "ERROR: Decrypting $folder failed. Error message: $_.Exception.ToString()"
  106.     }  
  107. }
  108.  
  109. # Finally, a closing message to the logfile
  110. Add-Content $logfile ""
  111. Add-Content $logfile ""
  112. Add-Content $logFile "Finished decrypting folders"
  113. Write-Host "Finished decrypting folders"
  114. Add-Content $logfile ""
  115. Add-Content $logfile ""
  116. Add-Content $logFile "===END of script==="
  117.  
  118. Write-Host "===End of script==="
  119.  
  120. # END of Script