Cannot get Cipher.exe to work in Windows 8.1 Pro

[DarkKnight]

I have posted this in other tech forums but cannot seem to get an answer, maybe I can get some help here .............

I am trying to run cipher.exe in an elevated command prompt using "cipher /w:C:" to wipe free disk space, even though I am the administrator on the administrator account, whether I run at an elevated cmd prompt or not I get the same message ....

"This program is blocked by group policy, For more information, contact your system administrator"

I get the same message when I try to use SDelete also.
People keep pointing me to CCleaner, I know CCleaner wipes free space, but it takes forever to do it, even when it is set on one pass, on a 1TB drive with 630GB free space to wipe CCleaner takes 14+ hours to wipe with one pass. And from what I heard and understand cipher can wipe around 50 gigs free space in just about 25 minutes, so calculating around 600 gigs it should be able to do it in around 5 hours +/- which to me is much better than 14 hours that CCleaner does.

How do I get around the above problem in group policy?

BTW, I have also tried to reset the group policy editor to default also ....... does not work.

Running Windows 8.1 Pro x64 with all Windows updates in place.

[Tripredacus]

If the computer is not part of a domain and has no active GPOs on it, I would look for possible infections. There are many viruses (and even their preventative counterparts) that can block applications from being executed. However, running the file from another place and after being renamed may work.

[jaclaz]

Also check the good ol' 

https://technet.microsoft.com/en-us/library/bb457006.aspx

HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\

 

As often happens the setting remained through later releases, at least up to 7/Server 2008/R2 so it is entirely possible that they are in Windows 8/8.1 as well, see also:
http://jon-heidenreich.blogspot.it/2013/09/malwarebytes-this-program-is-blocked-by.html

 

25 minutes to wipe 50 Gb seems reasonable for a 00 write, besides making cipher or sdelete working, you may also want to try fsutil, you can create a file the size of the free space, then fill it with zeroes with setzerodata:

http://ss64.com/nt/fsutil.html

or try powershell:

http://blog.whatsupduck.net/2012/03/powershell-alternative-to-sdelete.html

 

 

jaclaz

[DarkKnight]

If the computer is not part of a domain and has no active GPOs on it, I would look for possible infections. There are many viruses (and even their preventative counterparts) that can block applications from being executed. However, running the file from another place and after being renamed may work.

 

I thought of it ..... then thought again, with my security solution it would highly unlikely, NOT impossible but unlikely.

 

As often happens the setting remained through later releases, at least up to 7/Server 2008/R2 so it is entirely possible that they are in Windows 8/8.1 as well, see also:

http://jon-heidenreich.blogspot.it/2013/09/malwarebytes-this-program-is-blocked-by.html

 

jaclaz

 

Believe it or not, that's the one that worked, followed the directions on the page, rebooted, opened a elevated cmd prompt and used the cipher command and .... wammo! it worked, I knew I would find my answer here.

Thanks jaclaz!

Edited May 9, 2015 by DarkKnight

[jaclaz]

Believe it or not, that's the one that worked, followed the directions on the page, rebooted, opened a elevated cmd prompt and used the cipher command and .... wammo! it worked, I knew I would find my answer here.

Thanks jaclaz!

 

You are welcome .

The good MS guys have a long tradition of keeping previous OS specific settings without documenting them and use deceiving error messages, and on the other hand the good guys that write programs often use some settings without really knowing all the consequences (mainly because the good MS guys never documented them properly), since this behaviour appears to be a not-so-common one my bet is on some third party tool setting those keys, possibly in order to increase the security of the PC.

 

jaclaz