How to: Disable Encrypted File System (EFS) on Windows 2008 R2

Whitin Windows you can use the Encrypted File System (EFS) feature. Encrypting File System (EFS) is a core encryption technology that enables you to encrypt files stored on NTFS volumes. When you want to disable this feature for your endusers, you can configure this through a group policy. To disable EFS on your Windows fileserver(s), configure the following GPO:

1.) Create a new GPO, for example Disable EFS
2.) Navigate to the following location:
Computer Configuration \ Windows Settings \ Security Settings \ Public Key Policies \ Encrypting File System
3.) Right-click on Encypting File System and select Properties
4.) Select Don’t allow
5.) Link the new GPO to the organizational unit where your fileserves are placed into
6.) Run the gpupdate /force on the specific fileserver

When you’re now trying to select the encryption of a file of folder, this is possible! But when you hit the Apply button, you’ll receive an error “This machine is disabled for file encription”.


Comments are closed.