Hi all. I want to script out a process to identify all local efs certs on a users machine so I can then use cipher.exe to export them and move them to that users new machine during a refresh process. Its possible that a user will have more than one cert and/or that a machine might even be shared and have more than one user, and so far the only way I have seen to handle this was to use the Certificates snapin mmc which of course doesnt lend itself to an automated or scripted solution. Hope someone can help, but myself and one of the guys I work with has been trying to work this out and there doesnt seem to be a graceful way to do what seems like a pretty straight forward thing.
Our first attempt to script this involved running cipher.exe to gen a list of all encrypted files, then efsinfo to on every one of those files to get a list of efs users who could decrypt and then taking the distinct values from that and running cipher.exe on them to export the certs. Very top heavy and slow, and those commands produce output formates that make them very hared to script.
Can someone please help or advise? Because I know things work a little different in Vista, let me say up front that we are a mostly XP shop with a little Vista.
-sG
Our first attempt to script this involved running cipher.exe to gen a list of all encrypted files, then efsinfo to on every one of those files to get a list of efs users who could decrypt and then taking the distinct values from that and running cipher.exe on them to export the certs. Very top heavy and slow, and those commands produce output formates that make them very hared to script.
Can someone please help or advise? Because I know things work a little different in Vista, let me say up front that we are a mostly XP shop with a little Vista.
-sG
