How to Enable or Disable File Encryption in Windows 10 (NTFS EFS)

If you have Windows 10 Pro, Enterprise, or Education, the easiest way to enable EFS is through the local group policy editor. This way, you get a nice, understandable UI and full transparency about the changes you’re making. If you have Windows 10 Home, check the registry section below. Otherwise, follow along here:

1. Open the Local Group Policy editor
   

   
   Press Start and type “Edit group policy”. Click the top result.
   
   

2. Navigate to the EFS NTFS section and open the Windows 10 encryption policy 
   

   
   In the sidebar of the Local Group Policy Editor, find the “Filesystem” folder and click “NTFS”. In your main pane, you should see a setting called “Do not allow encryption on all NTFS volumes”. Double-click it.
   
   

3. Enable or remove EFS NTSF encryption
   

   
   In the policy, choose “Not Configured”, “Enabled”, to “Disabled”. Here’s what each option does:

   Option	Function
   Enabled	Remove EFS encryption as an option on all NTFS drives
   Disabled	Enable EFS NTFS encryption as an option on all drives
   Not Configured	Follow the system default settings

   
   Press OK once you’ve made your selection and Restart your PC to apply the changes. 
   
   

If you don’t have Windows 10 Pro, don’t worry – you can still enable the EFS service. However, it will require you to make some changes to your registry. Make sure you back up your registry before continuing just to be safe.

We’ll walk you through the process manually for full transparency, but you can also check the section below for a .REG file if you’re in a hurry. Let’s get started:

1. Open Regedit
   

   
   Press “Windows + R” to open the Run dialog and type “regedit”. Click the “OK” button to open the Registry Editor.
   
   

2. Navigate to the Policies key and create a new DWORD
   

   
   In your Registry Editor search bar, paste the following:

   Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies

   In the main pane, right-click any empty space and choose “New > DWORD (32-bit) Value”. Name the DWORD NtfsDisableEncryption, taking care to copy the capitalization exactly.

   
3. Change the value data to enable or disable Windows file encryption
   

   
   Modify the value data to turn NTFS EFS encryption on or off, setting it one 1 to remove the EFS option and 0 to enable it. Press “OK” when you’re done.
   
   

To make the registry editing process simpler and safer, we have created a .REG file. You can simply double-click this to disable or enable EFS for your system. You can download the .zip file here.

After the download has finished, perform the following steps:

1. Unzip the file
   

   
   Right-click the .zip file and select “Extract All…” from the fly-out menu.
   
   

2. Browse to the extraction location and click “Extract”
   

   
   
   

3. Double-click the disable or enable NTFS registry key
   

   
   
   

4. Press “Yes” to the warning dialog

   
   

5. Click “OK” and restart your PC
   

   
   lf you’d like to switch back to your original setting at any point simply double-click the other registry key and repeat the process. We recommend you keep both .reg files in a safe location incase you ever want to change the setting again.