If you prefer keeping your files and folder encrypted, you might have run into the EFS or Encryption File System algorithm. This is an inbuilt feature of Windows 11 and Windows 10 and helps the user in securing their precious data. There is an alternate way of securing the user’s data on Windows 11/10, but the main advantage of EFS over BitLocker is the fact that it can help users encrypt a particular folder rather than encrypting the whole hard drive partition.
If you have a folder encrypted with Encrypting File System (EFS) and you move a file inside that folder, it automatically gets encrypted. Some people like this feature being handy but there are some people who would not like it. We will check out how to configure the settings for both choices.
Do not automatically encrypt files moved to encrypted folders
We will be trying the following methods to try to enable or disable automatic Encryption of files moved to Encrypted folders on Windows 10:
- Using the Register Editor Method.
- Using the Group Policy Editor Method.
I recommended you create a System Restore Point. This is because while doing these types of modifications, there are chances that something breaks on the software side of your computer. Or, if you do not have any habit to make a system restore point, I would encourage you to create one frequently.
1] Using the Registry Editor Method
Hit the WINKEY + R button combination to launch the Run utility, type in regedit and hit Enter. Click on Yes for the UAC or User Account Control Prompt that you get.
Once Registry Editor opens, navigate to the following key location-
Now right click on Explorer.
Select New > DWORD (32-bit) Value.
Name the newly created DWORD to NoEncryptOnMove and hit Enter to save it.
Double click on the NoEncryptOnMove DWORD and set its value to the following depending on your choice,
- 1: Disable Auto Encryption of files moved to Encrypted folders.
- 0: Enable Auto Encryption of files moved to Encrypted folders.
After you are done setting a value, close the Registry Editor and Reboot your computer for the changes to take effect.
2] Using the Group Policy Editor Method
Open Run box, type gpedit.msc and hit Enter to open the Local Group Policy Editor. Navigate to the following path:
Computer Configuration\Administrative Templates\System
In the right-side pane, you will see Do not automatically encrypt files moved to encrypted folders. Double click on it to set the policy.
The description of the Group Policy entry says,
This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder. If you enable this policy setting, File Explorer will not automatically encrypt files that are moved to an encrypted folder. If you disable or do not configure this policy setting, File Explorer automatically encrypts files that are moved to an encrypted folder. This setting applies only to files moved within a volume. When files are moved to other volumes, or if you create a new file in an encrypted folder, File Explorer encrypts those files automatically.
Finally, select the following radio button as per your preferences:
- Not Configured or Disabled: Enable Auto Encrypt of files moved to EFS Encrypted folders.
- Enabled: Disable Auto Encrypt of files moved to EFS Encrypted folders.
Click on Apply and then click on OK.
Close the Group Policy Editor and Reboot your computer of the changes to take effect.
If you are new to this encryption technique on Windows 11/10, we have already covered some topics that will interest you:
- How to backup EFS encryption key in Windows.
- How to decrypt EFS encrypted Files and Folders in Windows.
- How to encrypt files with EFS Encryption on Windows.