Decrypt method of the Win32_EncryptableVolume class

The Decrypt method of the Win32_EncryptableVolume class begins decryption of a fully encrypted volume, or resumes decryption of a partially encrypted volume.

When decryption is paused or in-progress, this method behaves the same as ResumeConversion. When encryption is paused or in-progress, this method reverts the encryption and begins decryption. After decryption completes, all key protectors on this volume are removed from the system and the volume converts to a standard NTFS file system.

Note

If the disc is hardware encrypted, the Decrypt method sets band status to "always unlocked", removes all associated metadata, and zeroes the security ID for the drive.

 

Syntax

uint32 Decrypt();

Parameters

This method has no parameters.

Return value

Type: uint32

This method returns one of the following codes or another error code if it fails.

This method returns immediately. If the volume is already fully decrypted and no other errors exist, this method returns 0.

Return code/value Description
S_OK
0 (0x0)
The method was successful.
FVE_E_LOCKED_VOLUME
2150694912 (0x80310000)
The volume is locked.
FVE_E_AUTOUNLOCK_ENABLED
2150694953 (0x80310029)
This volume cannot be decrypted because keys used to automatically unlock data volumes are available.
Use ClearAllAutoUnlockKeys to remove these keys.

 

Security Considerations

Calling the Decrypt method leaves data unprotected.

If the protection status of the volume is 1 (PROTECTION ON) before this method is used, successful completion of this method changes the protection status to 0 (PROTECTION OFF), since by definition a partially encrypted volume is not protected.

Remarks

If the volume is not already fully decrypted, running Decrypt causes GetConversionStatus to indicate that decryption is progress and shows the percentage of the volume that remains encrypted.

If the protection status of the volume is "on" before this method is run, running this method changes the protection status to "off", since by definition a partially encrypted volume is not protected.

If this method is run on the currently running operating system volume and this operating system volume is being used to automatically unlock data volumes (see method EnableAutoUnlock) you must first call the method ClearAllAutoUnlockKeys.

Managed Object Format (MOF) files contain the definitions for Windows Management Instrumentation (WMI) classes. MOF files are not installed as part of the Windows SDK. They are installed on the server when you add the associated role by using the Server Manager. For more information about MOF files, see Managed Object Format (MOF).

Requirements

Requirement Value
Minimum supported client
Windows Vista Enterprise, Windows Vista Ultimate [desktop apps only]
Minimum supported server
Windows Server 2008 [desktop apps only]
Namespace
Root\CIMV2\Security\MicrosoftVolumeEncryption
Header
Infocard.h
MOF
Win32_encryptablevolume.mof

See also

Win32_EncryptableVolume