Home > Wiki Tips

Encrypting File System Overview & How to Disable EFS System?

Updated on Tuesday, December 3, 2024

Written by

Sherry Song

Approved by

Jessica Shee

English Français Deutsch やまと Español Português

Summary: Encrypting File System offers protection to encrypting files, widely used in today's life. This post from iBoysoft will explore what is Encrypting File System, the difference between EFS and BitLocker, and how to enable or disable it on your computer.

Encrypting File System(EFS) is a feature in Microsoft Windows that provides file system-level encryption to protect sensitive data stored on disk. It's designed to enhance security by encrypting files and folders, rendering them unreadable to authorized users or processes.

EFS has been an integral part of Windows operating systems since Windows 2000 and continues to be utilized for data protection purposes. You must hear NTFS, it supports EFS.

Here we will delve into what is Encrypting File System, how the Encrypting File System works, the applications, and the difference between BitLocker and EFS.

How does the Encrypting File System work?

To encrypt and encrypt files, Encrypting File System operates by using public key encryption technology. When a user enables encryption on a file or folder, EFS generates a unique encryption key called a File Encryption Key(FEK). This FEK is then encrypted using the user's public key and stored with the encrypted file.

Consequently, only users with the appropriate decryption key, typically their private key, can access the encrypted data.

Benefits and Use Cases of Encrypting File System

There are many benefits and use cases that the Encrypting File System provides:

Benefits of Encrypting File System

  • Data security: Encrypting File System EFS enhances data security, ensuring that sensitive information remains inaccessible to unauthorized users or processes.
  • Granular control: Administrators can selectively encrypt individual files or directories, offering granular control over which data is protected, thereby maintaining flexibility in data management.
  • Compliance: EFS helps organizations comply with regulatory requirements related to data protection and privacy by providing a robust encryption mechanism.
  • Seamless integration: Encrypting File System seamlessly integrates into the Windows operating system, operating in the background without disrupting user workflow or requiring additional software installation.

Use cases

Use cases for EFS span various sectors, including healthcare, finance, and government, where the confidentiality of data is paramount. If finds application in protecting financial records, medical histories, intellectual property, and any other sensitive information that requires stringent security measures.

If you like this post, can you share it with others? Let's move to the EFS VS BitLocker.

 

What is the difference between BitLocker and Encrypting File System?

While both BitLocker and EFS serve encryption purposes in Windows environments, they differ significantly in some parts:

 Encrypting File SystemBitLocker 
Encrypting waysEncrypting individual files on any driveEncrypting all personal and system files on the drive on the same computer
For the user accountMust depend onDon't need
For special hardwareDon't needNeed a Trusted Platform Module(TPM) 
Have to be an administratorNoYes
CompatibilityAvailable in most versions of WindowsAvailable in specific editions of Windows 

In summary, while both Encrypting File System and BitLocker provide encryption capabilities in the Windows environment, they differ in their scope, management, and compatibility. BitLocker is suited for full-disk encryption at the volume level, whereas EFS is tailored for file-level encryption, offering more granular control over data protection.

How to enable/disable the Encrypting File System on Windows 11?

So if you want to know how to enable/disable EFS on your Windows, continue trying the ways below.

Enable Encrypting File System by Local Security Policy

  1. Press the Windows and R keys then type secpol.msc and press Enter. 
  2. Security Settings > Public Key Policies. 
  3. Right-click Encrypting File System and select Properties. 
  4. In the General window, find File encryption using Encrypting File System(EFS) and select Allow > Apply > OK. 
     

Enable/Disable Encrypting File System by Registry Editor

  1. Press Windows and R keys then type Regedit and click OK. 
  2. Computer > HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Policies.
     
  3. Right-click anywhere on the right side > New > DWORD (32-bit) Value. 
  4. Name it as NtfsDisableEncryption and press Enter.

 Tips: Note that to enable/disable EFS, simply double-click on the NtfsDisableEncryption value, adjust its Value data to 0/1, and then confirm by clicking OK.

In conclusion, Encrypting File System stands as a cornerstone of data security in the Windows environment, offering robust encryption capabilities to safeguard sensitive information. Share this post with more people.