12

Environment: Windows 7, but applies to other EFS-compatible Windows versions

I have a file that is encrypted using standard Windows EFS encryption. When I copy that file to a USB drive using Total Commander or Explorer, the file stays encrypted at the destination.

Such an encrypted file is inaccessible on any other Windows PC where my USB drive gets plugged in. I could import my personal certificates on that PC, but that's about the last thing I would like to do.

I would like the copying process to automatically decrypt my file when the file is copied to a removable drive. Is there a way to tell Windows to do that?

A brute-force way to decrypt the file on-the-fly would be to switch to FAT as a file system on my USB drive, but I don't want to do that either.

Thanks in advance for any hints!

vladimir
  • 121

7 Answers

4
Milano
  • 41
2

Robocopy will do it with the /A-:E switch (E for the encryption "attribute") - but not "on the fly": it does it as an (integrated) two-step process: first it does the copy (or move), then it removes the encryption (sort of like doing a copy followed by cipher /d). So it's slow. But I guess you'd spend the time anyway, so if you prefer to do it in one step ...

davidbak
  • 637
2

Perhaps with a batch file you could do something like this:

solution 1

Create a mycopy.cmd file (in your PATH or in your "user profile directory") with the two lines:

COPY %1 %2
CIPHER /D %2

With the Windows+R keys, open the execute dialog and type:

mycopy file-to-be-copied target-directory

solution 2

If the target directory is always the same, you could simplify the mycopy.cmd file like this:

COPY %1 target-directory
CIPHER /D  target-directory

Putting the file in your SendTo directory (%userprofile%\AppData\Roaming\Microsoft\Windows\SendTo) will provide you with a new option, mycopy.cmd, when you right-click on a file (in the Send To submenu).

CmPi
  • 166
1

The thing that worked for me best, using Windows Command Prompt, is below (and the link where it is described). I had to use this because I had a complex folder structure and lots of files deep in the hierarchy that were encrypted, so it was not feasible to do it one at a time manually.

Encrypt/decrypt folders (recursively in Windows) https://www.windows-commandline.com/cipher-command-line-encryption-utility/

Encrypt recursively

cipher /A /E /S:directoryname

Decrypt recursively

cipher /A /D /S:directoryname

Sabin
  • 11
1

Addition to the answer from CmPi:

If you have already copied your folder (e.g. RootFolder) and it is encrypted, you can recursively decrypt all the files and sub-folders with the /s option:

cipher /d /s:RootFolder

Note that you can do it from any PC as long as you exported the certificate and key used to encrypt the files and you imported them from the different PC. Check this link for info on how to transfer EFS certificates: http://windows.microsoft.com/en-us/windows-vista/share-encrypted-files

0

When copying an encrypted file to a destination that supports EFS, Windows will always carry over the encryption flag, i.e. encrypt the copied file (source: Win API). When creating a new file, Windows will use the encryption setting of the folder to determine whether or not to encrypt the file.

Try the following:

  • After copying, open the properties of the destination folder.
  • Enable encryption for it but do not choose to encrypt child objects.
  • Apply changes
  • Disable encryption for the folder and this time choose to decrypt all child objects.

That should do the trick.

Another option is to copy the data to an interim location that does not support encryption (such as a FAT volume), then move it to its destination.

Either way the process may be lengthy, but the only way to decrypt a file on the fly during copying would be to code your own copy utility, bypassing the CopyFile() API call but instead reading the source file and creating an identical file at the destination.

Andrea
  • 1,536
user149408
  • 1,142
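
The approach described in the answer above (read the source file and write a fresh file at the destination instead of calling CopyFile()), as an added example that is not part of the original answers. The function names are hypothetical, and it assumes the destination folder is not itself marked for encryption, since a new file takes the encryption setting of its folder.

```python
import os
import sys

FILE_ATTRIBUTE_ENCRYPTED = 0x4000  # Win32 attribute bit set on EFS-encrypted files
CHUNK = 1024 * 1024                # copy in 1 MiB pieces


def is_efs_encrypted(path):
    """True if the EFS attribute is set. Always False on systems without it."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_ENCRYPTED)


def copy_plaintext(src, dst_dir):
    """Copy src into dst_dir by content only and return the new file's path."""
    # A file created inside an EFS-marked folder is encrypted on creation,
    # so refuse such a destination instead of silently re-encrypting.
    if is_efs_encrypted(dst_dir):
        raise RuntimeError("destination folder is marked for EFS encryption")
    dst = os.path.join(dst_dir, os.path.basename(src))
    # Reading through the normal file API yields plaintext for a user who
    # holds the EFS key. 'xb' refuses to overwrite: an existing destination
    # file would keep its own (possibly encrypted) attributes.
    with open(src, "rb") as fin, open(dst, "xb") as fout:
        while True:
            chunk = fin.read(CHUNK)
            if not chunk:
                break
            fout.write(chunk)
        fout.flush()
        os.fsync(fout.fileno())  # push data to the removable drive before unplugging
    # Verify the result rather than assume it.
    if is_efs_encrypted(dst):
        os.remove(dst)
        raise RuntimeError("copy ended up EFS-encrypted: " + dst)
    return dst


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: copy_plaintext.py <source-file> <destination-folder>")
    print(copy_plaintext(sys.argv[1], sys.argv[2]))
```

The copy on the removable drive is plaintext and no longer protected by EFS, and file metadata such as timestamps and ACLs is not carried over.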
-2

To decrypt the file when it's copied to your USB media, disable encryption on the USB media. It can still use NTFS (which is what I assume you're using).

BillP3rd
  • 6,599