EFS : Managing EFS in a Domain

Troubleshooting EFS Certificates

EFS is a powerful security tool for today's security-minded business, but it can also be a real pain to troubleshoot. Here are some useful commands and processes to identify why EFS may not be performing as expected.

1) Check that the EFS certificate is in the user's profile. EFS depends on the user's profile containing the EFS certificate and its private key in the personal certificate store; that same profile is used when accessing encrypted files on a share over the network, so a profile that did not load (or does not roam) breaks remote access first.

2) This may be a CRL access issue: if the client cannot reach the CA or the CRL it publishes, certificate validation can fail. Verify that Certificate Services is running and reachable on the CA with: certutil -ping -config (the -config argument is the CA in Machine\CAName form).

3) Obtain the EFS information from the encrypted file; this gives the thumbprint (hash) of the certificate used to encrypt it. Run the following from within the shared folder to get the hash of the certificate used to encrypt the file: efsinfo /c

4) Obtain the certificate details using the hash from step 3 (paste the thumbprint between the quotes); the verbose output shows whether the certificate is present, whether the private key is available, and whether the chain validates: certutil -store -v -user MY ""

5) Check the following registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\EFS\CurrentKeys. The CertificateHash value (REG_BINARY) holds the default EFS certificate hash; ensure it matches a certificate in the user's store. If it does not, delete the value; EFS will recreate it with the current certificate the next time the user encrypts a file.
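The five checks above, run end to end against one encrypted file on a share, as an added PowerShell example (not from the original page). Assumptions: the file path and the CA config string 'CA01.corp.example\Corp-Issuing-CA' are placeholders to replace, and cipher /c (the in-box successor to efsinfo /c) is assumed to print lines of the form "Certificate thumbprint: XXXX XXXX ...". Thumbprints are compared against Cert:\CurrentUser\My and against the CurrentKeys\CertificateHash registry value.

```powershell
# Added example, not from the original page. Assumed placeholders: $Path, $CAConfig,
# and the "Certificate thumbprint:" line format emitted by cipher /c.
param(
    [string]$Path     = '\\fileserver\secure\report.docx',    # encrypted file on a share (placeholder)
    [string]$CAConfig = 'CA01.corp.example\Corp-Issuing-CA'   # Machine\CAName of the issuing CA (placeholder)
)

$EfsEku      = '1.3.6.1.4.1.311.10.3.4'   # szOID_KP_EFS: the EFS enhanced key usage
$CurrentKeys = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\EFS\CurrentKeys'

# Step 1: EFS certificates in the user's personal store (this store lives in the profile).
$efsCerts = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $eku = $_.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $eku -and ($eku.EnhancedKeyUsages.Value -contains $EfsEku)
}
if (-not $efsCerts) {
    Write-Warning 'No certificate with the EFS EKU in Cert:\CurrentUser\My: profile not loaded or never enrolled.'
} else {
    $efsCerts | ForEach-Object {
        'EFS cert {0}  private key: {1}  expires: {2}' -f $_.Thumbprint, $_.HasPrivateKey, $_.NotAfter
    }
}

# Step 2: is Certificate Services on the CA up and reachable from this client?
& certutil -ping -config $CAConfig | Out-Null
if ($LASTEXITCODE -ne 0) {
    Write-Warning "certutil -ping failed for $CAConfig (exit code $LASTEXITCODE); suspect CA/CRL reachability."
}

# Step 3: which certificate thumbprint(s) does the encrypted file itself reference?
$fileHashes = & cipher /c $Path |
    Select-String -Pattern 'Certificate thumbprint:\s*([0-9A-Fa-f ]+)' |
    ForEach-Object { ($_.Matches[0].Groups[1].Value -replace '\s', '').ToUpper() }
"File references thumbprint(s): $($fileHashes -join ', ')"

# Step 4: is each referenced certificate in the user's store, with a private key, and does it verify?
foreach ($h in $fileHashes) {
    $c = Get-Item "Cert:\CurrentUser\My\$h" -ErrorAction SilentlyContinue
    if (-not $c) {
        Write-Warning "Thumbprint $h is not in Cert:\CurrentUser\My; this user cannot decrypt the file."
        continue
    }
    if (-not $c.HasPrivateKey) {
        Write-Warning "Thumbprint $h is present but has no private key (profile/key store problem)."
        continue
    }
    # Chain and revocation check with CRL download, the same validation certutil -store -v performs.
    $tmp = Join-Path $env:TEMP "$h.cer"
    [IO.File]::WriteAllBytes($tmp, $c.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert))
    & certutil -verify -urlfetch $tmp | Select-String -Pattern 'Revocation|Expired|ERROR|dwErrorStatus'
    Remove-Item $tmp -ErrorAction SilentlyContinue
}

# Step 5: does the default EFS key hash in the registry point at a certificate that still exists?
$regHash = (Get-ItemProperty -Path $CurrentKeys -Name CertificateHash -ErrorAction SilentlyContinue).CertificateHash
if ($regHash) {
    $regHex = ($regHash | ForEach-Object { $_.ToString('X2') }) -join ''
    if (Test-Path "Cert:\CurrentUser\My\$regHex") {
        "Default EFS hash $regHex matches a certificate in the user's store."
    } else {
        Write-Warning "Default EFS hash $regHex has no matching certificate; delete it and EFS will recreate it on the next encrypt:"
        "  Remove-ItemProperty -Path '$CurrentKeys' -Name CertificateHash"
    }
} else {
    'No CertificateHash value present; EFS will create one the first time this user encrypts a file.'
}
```

Run it in the user's own session (the registry key and certificate store are per-user, so running it elevated as a different account checks the wrong profile). The script only reports; the Remove-ItemProperty line is printed rather than executed so the stale default hash is deleted deliberately after the report has been read.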