Disabling EFS for a Specific Folder

  • Article

You can disable EFS on any folder by using Windows Explorer to set the System attribute to "on." This takes advantage of the safety precaution that prevents the encryption of files that are needed for the system to start. There are some folders, however, that cannot be marked as system folders. An example is the Profiles folder, which contains Ntuser.dat files.

To disable EFS on folders that cannot be marked as system folders

  • Use the Winadvapi API, which has the following format:

WINADVAPI

BOOL

EncryptionDisable(

IN LPCWSTR DirPath,

IN BOOL Disable

)

/*++

This routine disables and enables EFS in the directory DirPath.

Arguments are:

DirPath - Directory path.

Disable - TRUE to disable (FALSE to enable)

The return value is:

TRUE for SUCCESS

--*/

The header file for this is Winefs.h. This API disables or enables EFS in the folder that is passed in. It creates a Desktop.ini file with these lines:

[Encryption]

Disable=1; (or Disable=0)

If Desktop.ini already exists, the API adds these lines to the file. Manually adding the lines to a Desktop.ini file has the same effect.