Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Cipher.exe Security Tool for the Encrypting File System

Cipher.exe Security Tool for the Encrypting File System

Summary

Cipher.exe is a command-line tool (included with Windows 2000) that you can use to manage encrypted data by using the Encrypting File System (EFS). As of June 2001, Microsoft has developed an improved version of the Cipher.exe tool that provides the ability to permanently overwrite (or "wipe") all of the deleted data on a hard disk. This feature improves security by ensuring that even an attacker who gained complete physical control of a Windows 2000 computer would be unable to recover previously-deleted data.

IMPORTANT: Please note the following important information:
  • You must install Cipher.exe by using the installer package instead of copying the new version of Cipher.exe to your computer. The tool relies on additional NTFS functionality that is added as part of the installation process. If you only copy the Cipher.exe file to your computer and then run it, you could destroy data on the drive.
  • You must close all programs before you start Cipher.exe.
  • Cipher.exe is not a cure-all that makes it safe to store sensitive data in a plain-text format. Although you can use this tool to remove sensitive data from a drive, if best practices are followed, such data would not normally be created on the drive. For additional information about these best practices, click the following article number to view the article in the Microsoft Knowledge Base:
    223316 Best Practices for the Encrypting File System
For additional information about the latest service pack for Windows 2000, click the article number below to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack

↑ Back to the top

More Information

How to Obtain Cipher.exe

Cipher.exe is available in Windows 2000 Service Pack 3 or later or the Windows 2000 Security Rollup Package 1 (SRP1) or individually via the links below.
For additional information on SRP1, click the article number below to view the article in the Microsoft Knowledge Base:
311401 Windows 2000 Security Rollup Package 1 (SRP1), January 2002
 Q298009_W2K_SP3_x86_en.exe contains the following files: 

   Date         Time   Version        Size     Filename
   ------------------------------------------------------
   May-30-2001  16:25  5.0.2195.3653   36,112  Cipher.exe
   May-26-2001  07:48  5.0.2195.3649  512,272  Ntfs.sys

↑ Back to the top

How to Use Cipher.exe

To overwrite the deallocated data:
  1. Quit all programs.
  2. Click Start, click Run, and type cmd, and then press ENTER.
  3. Type cipher
    /w:'folder', and then press ENTER, where folder is optional and can be any folder in a local volume that you want to clean. For example, the
    cipher /w:c:\test command causes the deallocated space on drive C: to be overwritten. If c:\test is a mount point or points to a folder in another volume, deallocated space on that volume will be cleaned.
For more information about EFS, please see the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/cc700811.aspx

↑ Back to the top

Keywords: kbhotfixserver, kbqfe, kbbillprodsweep, kbenv, kbinfo, kbsecurity, kbwin2000presp3fix, kbwin2000sp3fix, kb

↑ Back to the top

Article Info
Article ID : 298009
Revision : 7
Created on : 6/4/2018
Published on : 6/4/2018
Exists online : False
Views : 141