Encrypting File System (EFS) Service Defaults in Windows 8

Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files.

Default Settings

Startup type: Manual
Display name:Encrypting File System (EFS)
Service name:EFS
Service type:share
Error control:normal
Object:LocalSystem
Path:%SystemRoot%\System32\lsass.exe
File:%SystemRoot%\system32\efssvc.dll
Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EFS
Privileges:
  • SeImpersonatePrivilege
  • SeTcbPrivilege
  • SeIncreaseQuotaPrivilege
  • SeAssignPrimaryTokenPrivilege
  • SeAuditPrivilege

Default Behavior

Encrypting File System (EFS) is a Win32 service. In Windows 8 it will not be started until the user starts it. When the Encrypting File System (EFS) service is started, it runs as LocalSystem in a process of lsass.exe, sharing it with other services. If Encrypting File System (EFS) fails to start, the error details are added to Windows 8 error log. When the operating system startup is complete, the user is being notified that the EFS service hasn't been started.

Dependencies

Encrypting File System (EFS) can't start, if the Remote Procedure Call (RPC) service is disabled or not available.

Restore Default Startup Configuration of Encrypting File System (EFS)

Before you begin doing this, make sure that all the services on which Encrypting File System (EFS) depends are configured by default and function properly. See the list of dependencies above.

1. Run the Command Prompt as an administrator.

2. Copy the command below, paste it into the command window and press ENTER:

sc config EFS start= demand

3. Close the command window and restart the computer.

The EFS service is using the efssvc.dll file that is located in the C:\Windows\system32 directory. If the file is removed or corrupted, read this article to restore its original version from Windows 8 installation media.