EFS (Encrypting File System) is a feature built into the NTFS file system in Windows that lets you encrypt folders or files on the fly. Though it’s free, many users would like to use third-party alternatives like TrueCrypt, Lock My Folders. In this tutorial we’ll show you 3 ways to disable EFS in Windows 10 / 8 / 7.
Method 1: Disable EFS via Local Group Policy Editor
- Open the Local Group Policy Editor and navigate to:
Computer Configuration\Administrative Templates\System\Filesystem\NTFS
.
In the right pane, double-click on the “Do not allow encryption on all NTFS volumes” policy to edit it.
- Select Enabled and click OK.
- Reboot your computer for the policy to take effect. The option “encrypt contents to secure data” should be greyed out and you’re unable to encrypt or decrypt folders/files with EFS.
You can also use Registry Editor to enable the “Do not allow encryption on all NTFS volumes” policy. Just navigate to the registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies, create a 32-bit DWORD NtfsDisableEncryption and set its value to 1.
If you want to enable EFS encryption again, just set NtfsDisableEncryption to 0 and reboot your computer.
Method 2: Disable EFS via Command Prompt
Open the elevated Command Prompt, and run the following command to disable EFS:
fsutil behavior set disableencryption 1
If you ever want to turn on EFS again, execute this command:
fsutil behavior set disableencryption 0
This task could also be done using a registry tweak. Just open Registry Editor and navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem. Look for the 32-bit DWORD NtfsDisableEncryption and modify its value to 1.
Method 3: Disable EFS via Local Security Policy
- Use the Windows key + R to open the Run command. Type secpol.msc and hit Enter to open the Local Security Policy.
- Navigate to: Security Settings -> Public Key Policies -> Encrypting File System. Right-click on “Encrypting File System” and select Properties.
- Under the General tab, choose to not allow “File encryption Using Encrypting File System (EFS)”. Click OK and reboot your system.
- When you try to encrypt a folder/file, you’ll get the error message “This machine is disabled for file encryption“.
Revert the above change and you can get EFS encryption back to work.