Posts Tagged ‘encrypt contents to secure data grayed out’

3 Ways to Disable EFS (Encrypting File System) in Windows 10 / 8 / 7

December 7th, 2018 by Admin

EFS (Encrypting File System) is a feature built into the NTFS file system in Windows that lets you encrypt folders or files on the fly. Though it’s free, many users would like to use third-party alternatives like TrueCrypt, Lock My Folders. In this tutorial we’ll show you 3 ways to disable EFS in Windows 10 / 8 / 7.

Method 1: Disable EFS via Local Group Policy Editor

  1. Open the Local Group Policy Editor and navigate to:
    Computer Configuration\Administrative Templates\System\Filesystem\NTFS.

    In the right pane, double-click on the “Do not allow encryption on all NTFS volumes” policy to edit it.

  2. Select Enabled and click OK.

  3. Reboot your computer for the policy to take effect. The option “encrypt contents to secure data” should be greyed out and you’re unable to encrypt or decrypt folders/files with EFS.

You can also use Registry Editor to enable the “Do not allow encryption on all NTFS volumes” policy. Just navigate to the registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies, create a 32-bit DWORD NtfsDisableEncryption and set its value to 1.

If you want to enable EFS encryption again, just set NtfsDisableEncryption to 0 and reboot your computer.

Method 2: Disable EFS via Command Prompt

Open the elevated Command Prompt, and run the following command to disable EFS:
fsutil behavior set disableencryption 1

If you ever want to turn on EFS again, execute this command:
fsutil behavior set disableencryption 0

This task could also be done using a registry tweak. Just open Registry Editor and navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem. Look for the 32-bit DWORD NtfsDisableEncryption and modify its value to 1.

Method 3: Disable EFS via Local Security Policy

  1. Use the Windows key + R to open the Run command. Type secpol.msc and hit Enter to open the Local Security Policy.

  2. Navigate to: Security Settings -> Public Key Policies -> Encrypting File System. Right-click on “Encrypting File System” and select Properties.

  3. Under the General tab, choose to not allow “File encryption Using Encrypting File System (EFS)”. Click OK and reboot your system.

  4. When you try to encrypt a folder/file, you’ll get the error message “This machine is disabled for file encryption“.

Revert the above change and you can get EFS encryption back to work.