Windows apps
Collapse the table of content
Expand the table of content
The topic you requested is included in another documentation set. For convenience, it's displayed below. Choose Switch to see the topic in its original location.

EncryptionDisable function

Disables or enables encryption of the specified directory and the files in it. It does not affect encryption of subdirectories below the indicated directory.


BOOL WINAPI EncryptionDisable(
  _In_ LPCWSTR DirPath,
  _In_ BOOL    Disable


DirPath [in]

The name of the directory for which to enable or disable encryption.

Disable [in]

Indicates whether to disable encryption (TRUE) or enable it (FALSE).

Return value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.


Under normal circumstances, EncryptFile will not encrypt files and directories with the FILE_ATTRIBUTE_SYSTEM attribute set. It is possible to override the FILE_ATTRIBUTE_SYSTEM attribute and encrypt files. Also, if a file or directory is marked with the FILE_ATTRIBUTE_SYSTEM attribute, it will normally be invisible to the user in directory listings and Windows Explorer directory windows. EncryptionDisable disables encryption of directories and files. It does not affect the visibility of files with the FILE_ATTRIBUTE_SYSTEM attribute set.

If TRUE is passed in, EncryptionDisable will write the following to the Desktop.ini file in the directory (creating it if necessary):


If the section already exists but Disable is set to 0, it will be set to 1.

Thereafter, EncryptFile will fail on the directory and the files in it, and the code that GetLastError returns will be ERROR_DIR_EFS_DISALLOWED. This function does not affect encryption of subdirectories within the given directory.

The user can also manually add or edit the above lines in the Desktop.ini file and produce the same effect.

EncryptionDisable affects only FileEncryptionStatus and EncryptFile. After the directory is encrypted, any new files and new subdirectories created without the FILE_ATTRIBUTE_SYSTEM attribute will be encrypted.

If FALSE is passed in, EncryptionDisable will write the following to the Desktop.ini file:


This means that file encryption is permitted on the files in that directory.

If you try to use EncryptionDisable to set the directory to the state it is already in, the function succeeds but has no effect.

If you try to use EncryptionDisable to disable or enable encryption on a file, the attempt will fail.

In Windows 8 and Windows Server 2012, this function is supported by the following technologies.


Server Message Block (SMB) 3.0 protocol


SMB 3.0 Transparent Failover (TFO)


SMB 3.0 with Scale-out File Shares (SO)


Cluster Shared Volume File System (CsvFS)


Resilient File System (ReFS)



SMB 3.0 does not support EFS on shares with continuous availability capability.


Minimum supported client

Windows XP Professional [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]


WinEfs.h (include Windows.h)





See also

File Attribute Constants
File Encryption
File Management Functions



© 2018 Microsoft