EFS, available in both Windows 2000 and XP Professional, enables users to secure data on a hard drive using public key encryption. Even if an attacker gains access to data on a hard drive, files on the drive that have been encrypted are useless without the decryption key. This feature is great for laptop users and organizations that need to further secure highly sensitive data. Files can be encrypted individually or a folder can be designated as encrypted so that any file written to that folder is automatically encrypted. IT only works with an NTFS partition, but when enabled, EFS is transparent to the user.
But EFS may not be appropriate for your situation, and in that case, you may want to disable it. Or you may have disabled it (or someone else did) and you want it back again. You can do this by editing the registry.
If EFS is not appropriate in your environment, or if you have files that you do not want to be encrypted, you can disable EFS via the registry.
The following procedure shows how this can be done using Windows XP Professional:
- Run Regedit
- Go to HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionEFS subkey.
- Go to edit then select New. Select DWORD Value.
- Enter a name of EfsConfiguration and press Enter.
- Double-click the new value then set it to 1 to disable EFS, Click OK.
- Close the registry editor.
- Reboot the machine
If you wish to enable EFS you can set the registry value to 0.
Adesh Rampat has 10 years experience with network and IT administration. He is a member of the Association Of Internet Professionals, the Institute For Network Professionals, and the International Webmasters Association. He has also lectured extensively on a variety of topics.
This was first published in September 2002