# Need help with batch script



## tommo020788 (Oct 20, 2008)

Hi, I just had a question about a script I'm trying to make for hiding/unhiding folders.

Here is the script I have come up with so far:


```
cls if exist "C:\Documents and Settings\Tom\Desktop\GM Games\folderlock\test" goto lock else goto unlock :lock echo off attrib "C:\Documents and Settings\Tom\Desktop\GM Games\folderlock\test" +s +h goto end :unlock echo off attrib "C:\Documents and Settings\Tom\Desktop\GM Games\folderlock\test" -s -h goto end :end exit
```
For some reason, it works to hide the folder, but when you click it after it hides the folder, it does not reveal the file again,
yet if I run the line "attrib "C:\Documents and Settings\Tom\Desktop\GM Games\folderlock\test" -s -h" in a separate batch file, it works fine...

Theres got to be something wrong with my script that is stopping it from running the "unlock" line...

Any ideas?


----------



## TheOutcaste (Aug 8, 2007)

Not sure wherer the line breaks ran off to, that should look more like this:

```
cls
if exist "C:\Documents and Settings\Tom\Desktop\GM Games\folderlock\test" goto lock else goto unlock
:lock
echo off
attrib "C:\Documents and Settings\Tom\Desktop\GM Games\folderlock\test" +s +h
goto end
:unlock
echo off
attrib "C:\Documents and Settings\Tom\Desktop\GM Games\folderlock\test" -s -h
goto end
:end
exit
```
The problem is *If Exist* sees the file. The fact that it has the hidden and system attributes set doesn't make it not exist, they only hide it from display if you have the system set to hide files with those attibutes set.
You need to check the attributes, then decide if you want to set or unset those attributes

```
@Echo Off
Set _FileName=C:\Documents and Settings\Tom\Desktop\GM Games\folderlock\test
Call :_ChkAtr "%_FileName%"
Goto:EOF
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:_ChkAtr
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Set _atr=%~a1
Set _Unlock=n
If "%_atr:~3,1%"=="h" Set _unlock=y
If "%_atr:~4,1%"=="s" Set _unlock=y
If %_Unlock%==y (
  Attrib -h -s "%~1">Nul
) Else (
  Attrib +h +s "%~1">Nul
)
Goto:EOF
```


----------



## tommo020788 (Oct 20, 2008)

Thanks, I thought that might be the case, seeing as I was having a similar issue coding a directory check for it in another language...

I wonder if there is a way to encrypt/decrypt the folder as well with a password using batch script? 
Or would you have another suggestion for securing a folder on your hard drive using batch script?


----------



## TheOutcaste (Aug 8, 2007)

You can use 7-Zip, WinRar, WinZip (and others) to password protect a file/folder from the command line. You don't have to compress the files either, just set compression to none.
You can encrypt/Decrypt the files using cipher.exe, but they will be accessible when logged into your account; that only protects them from being accessed outside of your account.
Just make sure you have a copy of the encryption keys, or you could lose the files permanently.


----------



## tommo020788 (Oct 20, 2008)

OK, 
so if I was to encrypt the files using "Cipher.exe", and someone copied the encrypted files onto their computer, there would be no way for them to decrypt it?
Or if someone stole my entire harddrive, and put it into their computer, would there be no way of decrypting those files again?

and when you say only your user account can access the files, does that just mean that only my account has access to be able to enter a password to decipher the files? or does it mean, if someone was on my account, they could access the files without having to decipher them with password?

EDIT: I can't see any commands in the "Cipher" tool, that allow you to add a password to the encryption :/


----------



## Squashman (Apr 4, 2003)

Correct. There is no password. Encryption keys are created. Only your user that you login with on your computer can access the file.


----------



## TheOutcaste (Aug 8, 2007)

If they stole the drive, they would not be able to access the files unless they had your account password, or a copy of the encryption certificate including the private key.
If you reset your account password from a different account, or do a repair install, or re-install of Windows, you won't be able to access the files either, without importing the encryption certifacate and keys. Which is why it should be backed up and stored in a secure location. Creating a new account with the same name and password will not give you access.

Click *Start | Help and Support* and search on *Encrypting File System*.


----------



## hqnet (Nov 14, 2009)

Hi,

If you are uncomfortable with having your data so dependent 
on your windows account you might find this useful

http://www.freeotfe.org/screenshots.html

HTH
Regards.


----------



## tommo020788 (Oct 20, 2008)

hmm well from what I can see, "Cipher.exe" comes with windows XP service pack 2, which means if I was to share batch script that uses cipher.exe, it should be in their "windows/system32" folder, provided they are using windows XP, and have sp2 installed.

I'm not sure though if "Cipher.exe" is used for later versions of windows (vista/windows 7), or if it is included with their service packs.

Could someone shed some light on the subject?


EDIT: One more question... how would I write a batch that will check weather the target folder is encrypted or not, and encrypt/decrypt the target folder accordingly?

I'd be after the same effect achieved with the batch code TheOutCastle gave me for the hidden attribute batch script.


----------



## TheOutcaste (Aug 8, 2007)

Cipher has been part of XP Pro since day one. It's not included with XP Home.
SP2 added the */X* switch to export the certificate and keys
The SP3 version is about 500 bytes larger, but I don't know what changes were made.
It's also included with Win2K Pro.

Vista and Win 7 Home Basic include it, but it can only encrypt on Vista Business/Win 7 Pro or higher editions.
Home versions can use it to check if a file/folder is encrypted.
Don't have a Starter install handy to check.

To check if a file/folder is encrypted or not, just check the output of the Cipher command for *U* or *E*
Encrypt a folder in your *My Documents* folder
Open a Command Prompt
Type these commands:
*CD /D "%Userprofile%\My Documents"
cipher
cipher /?*

You can use it to check a UNC path, but the output format is slightly different


----------



## tommo020788 (Oct 20, 2008)

I've given it a go, but haven't had much luck getting it to work. I also read somewhere that you might be able to check the attributes of a specific file/folder to return weather it is encrypted or not.

would it be possible to get an example batch script from someone to do this?


----------



## TheOutcaste (Aug 8, 2007)

Enter file name/path without quotes

```
@Echo Off
:_Ask
Echo. Press Enter to Exit
Set _Resp=
Set /P _Resp=Enter the full path to the File/Folder you wish to check: 
If "%_Resp%"=="" Goto :EOF
If Not Exist "%_Resp%" Echo. I can't find "%_Resp%", please try again&Goto :_Ask
For /F "Tokens=1" %%I In ('Cipher "%_Resp%"') Do Set _Enc=%%I
If /I "%_Enc%"=="E" (
  Echo."%_Resp%" Is Encrypted
) Else (
  If /I "%_Enc%"=="U" (
    Echo "%_Resp%" Is Not Encrypted
  ) Else (
    Echo. Unable to determine if "%_Resp%" is Encrypted or not
  )
)
```


----------



## tommo020788 (Oct 20, 2008)

Thanks again OutCastle.
I put your script into a batch file, and made a folder called "test" in the same folder the batch file was in, ran this batch file, and typed "test" (without the quotes), hit enter, but then it seems to just exit, as if there was an error somewhere in the script.

Also, I can't really type a full path (e.g. C:\Documents and Settings\Tom\Desktop\test) without having the quotes, because there may be spaces in the folder names I use.


----------



## TheOutcaste (Aug 8, 2007)

Tyoe the full path without quotes, doesn't matter if it has spaces. The batch file adds the quotes (*%_Resp%* always has quotes around it). If you type "C:\Test Folder" the batch file ends up with ""C:\Test Folder"" which will cause an error.

You can use a relative path though, type *.\test*

If the batch file itself is in test, you can enter it using *..\test*


----------



## tommo020788 (Oct 20, 2008)

yup, still aint working, even with a reletive path test :/


----------



## TheOutcaste (Aug 8, 2007)

You are running this from a Command Prompt, and not just double clicking the file, correct?


----------



## tommo020788 (Oct 20, 2008)

if I type the wrong path, it echo's


> I can't find "foldername" please try again.


but if I type a correct path, the cmd window just exits.


----------



## tommo020788 (Oct 20, 2008)

should I be running the batch file externaly through cmd? :/
I copied your code into a batch file, and double clicked batch file to open.


----------



## TheOutcaste (Aug 8, 2007)

Open a command prompt and run it from there. If you double click the file it will echo the result and immediately close the window.
Or add a Pause command at the end


----------



## tommo020788 (Oct 20, 2008)

yeah I tried adding a pause command at the end. It still exits.
If i open up cmd, and run it from there, it gets up to the same point where it asks you to type the path, I type the path, then when I hit enter, it does nothing.


----------



## TheOutcaste (Aug 8, 2007)

Disable the echo off command so you can see what it's doing. Make sure you didn't miss the last *)*, that will mess it up as well.


----------



## tommo020788 (Oct 20, 2008)

OK, double checked the ) is at the end, and it is there, so thats all good.

without echo off, it shows that it is stopping at Set _Enc=New

Heres a screen shot below. I tried testing the code by typing


> \test


, and again with


> .\test


, just to be sure i was typing it right...


----------



## TheOutcaste (Aug 8, 2007)

Could have sworn I was running that in an XP machine. XP (and Win 2K/2K3) outputs a *nul* before the line that shows the file, which batch sees as the end of file.

I think VBScript would have the same problem, though you might be able to read all the output then use a Regular Expression to remove the nuls. Have to do some experimenting tomorrow.
You can tell if the current folder is set to encrypt files by checking the New files line, which will read one of these:
*New files added to this directory will be encrypted.
New files added to this directory will be not be encrypted.*

That applies to the current folder though, not anything you specify on the cipher command line.

Works fine in Vista and Win 7


----------



## tommo020788 (Oct 20, 2008)

dang... so theres not really any way to check if a specific targeted folder is encrypted eh?


----------



## TheOutcaste (Aug 8, 2007)

TheOutcaste said:


> You can tell if the current *folder* is set to encrypt files by checking the New files line, which will read one of these:
> *New files added to this directory will be encrypted.
> New files added to this directory will be not be encrypted.*
> 
> That applies to the current folder though, not anything you specify on the cipher command line.




```
@Echo Off
:_Ask
Echo.Press Enter to Exit
Set _Resp=
Set /P _Resp=Enter the full path to the File/Folder you wish to check: 
If "%_Resp%"=="" Goto :EOF
If Not Exist "%_Resp%" Echo. I can't find "%_Resp%", please try again&Goto :_Ask
PushD "%_Resp%"
For /F "Tokens=1 Delims=" %%I In ('Cipher "%_Resp%"') Do Set _Enc=%%I
If /I "%_Enc%"==" New files added to this directory will be encrypted." (
  Echo."%_Resp%" Is Encrypted
) Else (
  If /I "%_Enc%"==" New files added to this directory will not be encrypted." (
    Echo."%_Resp%" Is Not Encrypted
  ) Else (
    Echo.Unable to determine if "%_Resp%" is Encrypted or not
  )
)
PopD
```
You can't check an individual file, only a folder, and this will only work on Win2k/XP/Win2k3


----------



## tommo020788 (Oct 20, 2008)

Ah OK thanks.
so theres no way to get that to work on a windows vista/7 system?


----------



## TheOutcaste (Aug 8, 2007)

The cipher command doesn't output nulls on Vista or later, so the first version works fine, and can test files and folders.


----------



## tommo020788 (Oct 20, 2008)

oh ok, so the other method should be used for vista and 7 to check folders for encryption, and this last one just for XP


----------



## tommo020788 (Oct 20, 2008)

Just to be sure I got this right... I modified your script so instead of echoing weather its encrypted or not, it will decrypt the file if it is encrypted, and it will encrypt the file if it is not encrypted:



> @Echo Off
> :_Ask
> Echo. Press Enter to Exit
> Set _Resp=
> ...


This right?


----------



## TheOutcaste (Aug 8, 2007)

That will only work on Vista or later, and only sets the folder to not encrypt (or to encrypt) new files. The current contents of the folder will not be changed. Folders are never encrypted, they don't actually contain data, just a list of files and folders.


----------

