If you want to disable EFS for a domain, organizational unit, or stand-alone computer, you can do it by simply applying an empty Encrypted Data Recovery Agents policy setting. Until Encrypted Data Recovery Agents settings are configured and applied through Group Policy, there is no policy and the default recovery agents are used by EFS. However, EFS must use the recovery agents that are listed in the Encrypted Data Recovery Agents Group Policy. If the policy that is applied is empty, there is no recovery agent, and therefore EFS does not operate.
Was this article helpful?