Export (0) Print
Expand All
Expand Minimize

Decrypt method of the Win32_EncryptableVolume class

The Decrypt method of the Win32_EncryptableVolume class begins decryption of a fully encrypted volume, or resumes decryption of a partially encrypted volume.

When decryption is paused or in-progress, this method behaves the same as ResumeConversion. When encryption is paused or in-progress, this method reverts the encryption and begins decryption. After decryption completes, all key protectors on this volume are removed from the system and the volume converts to a standard NTFS file system.

Note  If the disc is hardware encrypted, the Decrypt method sets band status to "always unlocked", removes all associated metadata, and zeroes the security ID for the drive.

Syntax


uint32 Decrypt();

Parameters

This method has no parameters.

Return value

Type: uint32

This method returns one of the following codes or another error code if it fails.

This method returns immediately. If the volume is already fully decrypted and no other errors exist, this method returns 0.

Return code/valueDescription
S_OK
0 (0x0)

The method was successful.

FVE_E_LOCKED_VOLUME
2150694912 (0x80310000)

The volume is locked.

FVE_E_AUTOUNLOCK_ENABLED
2150694953 (0x80310029)

This volume cannot be decrypted because keys used to automatically unlock data volumes are available.

Use ClearAllAutoUnlockKeys to remove these keys.

 

Security Considerations

Calling the Decrypt method leaves data unprotected.

If the protection status of the volume is 1 (PROTECTION ON) before this method is used, successful completion of this method changes the protection status to 0 (PROTECTION OFF), since by definition a partially encrypted volume is not protected.

Remarks

If the volume is not already fully decrypted, running Decrypt causes GetConversionStatus to indicate that decryption is progress and shows the percentage of the volume that remains encrypted.

If the protection status of the volume is "on" before this method is run, running this method changes the protection status to "off", since by definition a partially encrypted volume is not protected.

If this method is run on the currently running operating system volume and this operating system volume is being used to automatically unlock data volumes (see method EnableAutoUnlock) you must first call the method ClearAllAutoUnlockKeys.

Managed Object Format (MOF) files contain the definitions for Windows Management Instrumentation (WMI) classes. MOF files are not installed as part of the Windows SDK. They are installed on the server when you add the associated role by using the Server Manager. For more information about MOF files, see Managed Object Format (MOF).

Requirements

Minimum supported client

Windows Vista Enterprise, Windows Vista Ultimate [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Namespace

\\.\root\CIMV2\Security\MicrosoftVolumeEncryption

MOF

Win32_encryptablevolume.mof

See also

Win32_EncryptableVolume

 

 

Community Additions

ADD
Show:
© 2014 Microsoft