This project is read-only.

Reporting Tool Design


The Reporting Tool is a short VBScript that pulls EFS Assistant reporting data out of WMI, stores it in a file, then displays that file using Excel. The VBScript file will be called EFSAWMI.vbs.


The Reporting Tool will be installed as a feature from the main EFSAssistant.msi. It will install to the main EFS Assistant install directory.

If the user chooses to install shortcuts in the installer, a shortcut will also be created for the Reporting Tool. The shortcut will be called "EFS Assistant Results Viewer".

Running the tool

The tool can be run from the command line in the usual way (by typing efsawmi while in the installation directory, or by using the shortcut installed in the start menu.

Tool operation

The basic tool operation is described in this section.

First, the tool reads the WMI data into a CSV file:
  1. Open a file called "EFSAWMI.csv" in the user's My Documents folder
  2. Write out headers for each column to be pulled from WMI. These columns are:
  3. Sets up the WMI query. The script connects to the winmgmts:\.\root\EFSAssistant service and executes this query: Select * from EFSAssistantResults
  4. For each item it pulls out of WMI, it writes a new line to the CSV file. To ease reading by Excel, the tool puts double quotes around all string values.
  5. When all entries are written, the output file is closed
At this point, the tool has read in the data and created a CSV file. The final step is to display the CSV file using Excel. To do so, we:
  1. Open the CSV file in Excel
  2. Turn on autofiltering
  3. Sort the data by name
  4. Set the column widths to reasonable values
  5. Set the spreadsheet to visible and turn control over to the user
  6. Exit

Data that is displayed

The following data will be read from the WMI and stored in the CSV file:
  • Name - the folder name
  • Classification - the color code that the tool classified that particular file or folder. Possible values are:
    • Red - The tool determined that it should not attempt to encrypt the folder
    • Green - The tool determined that it should attempt to encrypt the folder
    • Unclassified - The tool could not determine whether or not it should encrypt the folder. These folders will not be encrypted.
  • SourceOfClassification - contains a reason why the file or folder was categorized the way it was. Possible values are:
    • Inherited - Classification was based on the green or red status of the parent folder
    • Already Encrypted - The folder was classified as green because it is already encrypted
    • Folder Contents - The folder was classified as green because it contains only files on the 'file types to encrypt' list.
    • Default Folder List - The folder was classified as green or red because it was on the green or red default folder list.
    • Group Policy Folder List - The folder was classified as green or red because it was on the green or red group policy folder list.
    • Inherited from Parent Folder - The file was classified as green because the folder containing it was marked green (GOING AWAY?)
    • Unable to Classify - The folder could not be classified.
    • Do Not Scan Folder List - The folder was classified as red because it was on the Do Not Scan Folder List
    • System Folder - The folder was classified as red because it is has the system attribute set
  • EncryptionStatus - shows whether or not the file/folder was encrypted. Valid values are: (THESE WILL PROBABLY CHANGE)
    • Not Encrypted - File/folder not encrypted
    • Encrypted - File/folder encrypted
  • EncryptionSubStatus - contains additional information about each encryption operation. Valid values (subject to change) are:
    • 0 - No substatus assigned
    • 1 - Not encrypted because the file/folder was compressed
    • 2 - Not encrypted because the file/folder was shared
    • 3 - Not encrypted because the folder was a roaming folder (RUP)
    • 4 - Not encrypted because access to the file/folder was denied
    • 5 - The file/folder was already encrypted
    • 6 - The file/folder was encrypted by the tool in its most recent run
    • 10 - Substatus is unknown (should not be seen)
  • EncryptionTimestamp - the date and time that the encryption for this file/folder occurred


This tool will be uninstalled in the usual way:
  • by using Add/Remove Programs and removing the "Microsoft EFS Assistant"
  • by double-clicking the EFSAssistant.msi and choosing "Remove"
  • by running msiexec -x EFSAssistant.msi
In all cases, the EFSAWMI.vbs file will be removed along with the Start menu shortcut. Any saved CSV files created by the tool will not be deleted.

Known Limitations

The following are known limitations:
  • If you are running an older version of Excel, you will only be able to see the first 65536 entries in the WMI. There may be more on a machine with lots of files.

Last edited Apr 17, 2007 at 3:38 AM by billcan, version 5


No comments yet.