Encrypting File System (EFS) Service Defaults in Windows 10

Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files.

Default Settings

Startup type:Manual
Display name:Encrypting File System (EFS)
Service name:EFS
Service type:share
Error control:normal
Object:LocalSystem
Path:%SystemRoot%\System32\lsass.exe
File:%SystemRoot%\system32\efssvc.dll
Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EFS
Privileges:
  • SeImpersonatePrivilege
  • SeTcbPrivilege
  • SeIncreaseQuotaPrivilege
  • SeAssignPrimaryTokenPrivilege
  • SeAuditPrivilege

Default Behavior

Encrypting File System (EFS) is a Win32 service. In Windows 10 it is starting only if the user, an application or another service starts it. When the Encrypting File System (EFS) service is started, it is running as LocalSystem in a shared process of lsass.exe along with other services. If Encrypting File System (EFS) fails to start, the failure details are being recorded into Event Log. Then Windows 10 will start up and notify the user that the EFS service has failed to start due to the error.

Dependencies

Encrypting File System (EFS) cannot be started under any conditions, if the Remote Procedure Call (RPC) service is disabled.

Restore Default Startup Configuration for Encrypting File System (EFS)

1. Select your Windows 10 edition and release, and then click Download.

2. Save the Win10_EFS_Service_Startup.cmd file to a local storage device.

3. Run the saved file as an administrator.

4. Restart the computer.

The EFS service is using the efssvc.dll file that is located in the %WinDir%\system32 folder. If the file is changed, damaged or deleted, you can restore its original version from Windows 10 installation media.