Decrypt method of the Win32_EncryptableVolume class
The Decrypt method of the Win32_EncryptableVolume class begins decryption of a fully encrypted volume, or resumes decryption of a partially encrypted volume.
When decryption is paused or in-progress, this method behaves the same as ResumeConversion. When encryption is paused or in-progress, this method reverts the encryption and begins decryption. After decryption completes, all key protectors on this volume are removed from the system and the volume converts to a standard NTFS file system.
Note
If the disc is hardware encrypted, the Decrypt method sets band status to "always unlocked", removes all associated metadata, and zeroes the security ID for the drive.
Syntax
uint32 Decrypt();
Parameters
This method has no parameters.
Return value
Type: uint32
This method returns one of the following codes or another error code if it fails.
This method returns immediately. If the volume is already fully decrypted and no other errors exist, this method returns 0.
| Return code/value | Description |
|---|---|
|
The method was successful. |
|
The volume is locked. |
|
This volume cannot be decrypted because keys used to automatically unlock data volumes are available. Use ClearAllAutoUnlockKeys to remove these keys. |
Security Considerations
Calling the Decrypt method leaves data unprotected.
If the protection status of the volume is 1 (PROTECTION ON) before this method is used, successful completion of this method changes the protection status to 0 (PROTECTION OFF), since by definition a partially encrypted volume is not protected.
Remarks
If the volume is not already fully decrypted, running Decrypt causes GetConversionStatus to indicate that decryption is progress and shows the percentage of the volume that remains encrypted.
If the protection status of the volume is "on" before this method is run, running this method changes the protection status to "off", since by definition a partially encrypted volume is not protected.
If this method is run on the currently running operating system volume and this operating system volume is being used to automatically unlock data volumes (see method EnableAutoUnlock) you must first call the method ClearAllAutoUnlockKeys.
Managed Object Format (MOF) files contain the definitions for Windows Management Instrumentation (WMI) classes. MOF files are not installed as part of the Windows SDK. They are installed on the server when you add the associated role by using the Server Manager. For more information about MOF files, see Managed Object Format (MOF).
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client |
Windows Vista Enterprise, Windows Vista Ultimate [desktop apps only] |
| Minimum supported server |
Windows Server 2008 [desktop apps only] |
| Namespace |
Root\CIMV2\Security\MicrosoftVolumeEncryption |
| Header |
|
| MOF |
|
See also