When you use Encrypting File System (EFS), you can store data securely because
selected files and/or folders on a NTFS file system partition can be encrypted.
Below are some ways in which you can enable / disable the effective use EFS.
To disable the use of EFS for a number of machines in a Windows Server 2003
Domain:
- Create a GPO using Group Policy Management Console
(GPMC)
- Navigate to:

- Right-click Encrypting File System, Properties and check
or uncheck the setting entitled:
Allow users to encrypt files using Encrypting File System (EFS)
- Close the GPO and link it to the Active Directory object
it needs to be applied to.
To disable the use of EFS on a machine in a Workgroup:
- Start a registry editor (e.g. regedit.exe).
- Navigate to the subkey:
Hive:
|
HKEY_LOCAL_MACHINE |
Key:
|
SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS |
Name:
|
EfsConfiguration |
Type:
|
REG_DWORD |
Value: |
1 = Disable EFS |
Value: |
0 = Enable EFS |
- Close the registry editor.
- Log off and log on again for the change to take effect.
You may need to restart Windows for the change to take effect.
To disable the use of EFS within a specific Folder on disk:
- Create a file called 'Desktop.ini' in the folder
- Enter the following into the file:
[Encryption]
disable=1
For a related setting setting, look at:
EFS Encrypt/Decrypt options on Explorer shortcut menu
This links
to an extensive description of EFS functionality.
|