HOW TO: Use Cipher.exe to Overwrite Deleted Data in Windows Server 2003 (814599)
The information in this article applies to:
- Microsoft Windows Server 2003, Datacenter Edition
- Microsoft Windows Server 2003, Enterprise Edition
- Microsoft Windows Server 2003, Standard Edition
- Microsoft Windows Server 2003, Web Edition
- Microsoft Windows XP 64-Bit Edition Version 2003
- Microsoft Windows Small Business Server 2003, Standard Edition
- Microsoft Windows Small Business Server 2003, Premium Edition
For a Windows 2000 version of this article, see the
following Knowledge Base article: 315672 HOW TO: Use
Cipher.exe to Overwrite Deleted Data in Windows
SUMMARY

Administrators can use Cipher.exe to encrypt and decrypt data on drives that use the NTFS file system and to view the encryption status of files and folders from a command prompt. The version of Cipher.exe that is included with Windows Server 2003 includes the ability to overwrite data that you have deleted so that it cannot be recovered or accessed.

When you delete files or folders, the data is not initially removed from the hard disk. Instead, the space on the disk that was occupied by the deleted data is "deallocated." After it is deallocated, the space is available for use when new data is written to the disk. Until the space is overwritten, you can recover the deleted data by using a low-level disk editor or data-recovery software.

When you encrypt plain text files, Encrypting File System (EFS) makes a backup copy of the file so that the data is not lost if an error occurs during the encryption process. After the encryption is complete, the backup copy is deleted. As with other deleted files, the data is not completely removed until it has been overwritten. The Windows Server 2003 version of the Cipher utility is designed to prevent unauthorized recovery of such data.

How to Use the Cipher Security Tool to Overwrite Deleted Data

To overwrite deleted data on a volume by using Cipher.exe, use the /w switch with the cipher command:
- Quit all programs.
- Click Start, click Run, type cmd, and then press ENTER.
- Type cipher /w:folder, and then press ENTER, where folder is any folder in the volume that you want to clean. For example, the cipher /w:c:\test command causes all deallocated space on drive C to be overwritten. If C:\folder is a Mount Point or points to a folder on another volume, all deallocated space on that volume will be cleaned.
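
The procedure above can be wrapped in a batch file that records when the overwrite started and finished, which is useful as evidence that a volume was sanitized. This is an added example, not part of the original article or Microsoft's own code; the log location, the script's exit codes 2 and 3, and the English-language "bytes free" text in dir output are assumptions.

```batch
@echo off
rem Added example (not from the original article): run cipher /w against a
rem folder and keep a timestamped log of the run for sanitization records.
rem Quit all other programs first, as the procedure requires.
setlocal

if "%~1"=="" goto usage
set "TARGET=%~f1"
set "LOG=%~2"
rem Default log location is an assumption; pass a second argument to change it.
if not defined LOG set "LOG=%TEMP%\cipher-w.log"

rem Drop a trailing backslash so the closing quote below is not escaped.
rem "C:\" becomes "C:", which still names a folder on volume C.
if "%TARGET:~-1%"=="\" set "TARGET=%TARGET:~0,-1%"

rem cipher /w expects a folder on the volume to clean, so refuse anything else.
if not exist "%TARGET%\" goto notfound

rem Log the free space before the run: this is the deallocated space that will
rem be overwritten. If TARGET is a mount point, the volume cleaned is the
rem mounted volume, not the drive letter in the path.
rem Assumes English dir output ("bytes free").
>>"%LOG%" echo [%DATE% %TIME%] start cipher /w:"%TARGET%"
dir /-c "%TARGET%" | find "bytes free" >>"%LOG%"

cipher /w:"%TARGET%"
set "RC=%ERRORLEVEL%"

rem Record the exit code exactly as cipher reported it, then the free space.
>>"%LOG%" echo [%DATE% %TIME%] end, cipher exit code %RC%
dir /-c "%TARGET%" | find "bytes free" >>"%LOG%"
exit /b %RC%

:usage
echo Usage: %~nx0 folder [logfile]
exit /b 2

:notfound
echo Folder not found: %TARGET%
exit /b 3
```
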
Data that is not allocated to files or folders is overwritten. This permanently removes the data. This can take a long time if you are overwriting a large amount of space.

REFERENCES
For additional information about related topics, click the following article numbers to view the articles in the Microsoft Knowledge Base:
- 298009 Cipher.exe Security Tool for the Encrypting File System
- 223316 Best Practices for the Encrypting File System
Modification Type: Minor | Last Reviewed: 3/30/2004
Keywords: kbSecurityServices kbHOWTOmaster KB814599 kbAudITPRO