Tip 92: Enable or Disable EFS in Windows XP

When you use Encrypting File System (EFS), you can store data securely because selected files and/or folders on a NTFS file system partition can be encrypted. Below are some ways in which you can enable / disable the effective use EFS.

To disable the use of EFS for a number of machines in a Windows Server 2003 Domain:

  1. Create a GPO using Group Policy Management Console (GPMC)
  2. Navigate to:
  3. Right-click Encrypting File System, Properties and check or uncheck the setting entitled:
    Allow users to encrypt files using Encrypting File System (EFS)
  4. Close the GPO and link it to the Active Directory object it needs to be applied to.
     

To disable the use of EFS on a machine in a Workgroup:

  1. Start a registry editor (e.g. regedit.exe).
  2. Navigate to the subkey:
    Hive: HKEY_LOCAL_MACHINE
    Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS
    Name: EfsConfiguration
    Type: REG_DWORD
    Value: 1 = Disable EFS
    Value: 0 = Enable EFS
  3. Close the registry editor.
  4. Log off and log on again for the change to take effect. You may need to restart Windows for the change to take effect.

To disable the use of EFS within a specific Folder on disk:

  1. Create a file called 'Desktop.ini' in the folder
  2. Enter the following into the file:
    [Encryption]
    disable=1

For a related setting setting, look at:
EFS Encrypt/Decrypt options on Explorer shortcut menu

This links to an extensive description of EFS functionality.

Last Modified: 10/03/2022 20:42:37