The documentation states that the encryption attribute in a directory is just a flag that indicates that all its children should be encrypted.
For a file, you can toggle encryption with
(Get-Item -Path filename).Decrypt() (Get-Item -Path filename).Encrypt()
These methods are defined in
FileInfo and don’t exist in
DirectoryInfo. In neither case can you set the attribute directly, i.e. this does nothing:
(Get-Item -Path filename).Attributes -= 'Encrypted'
(This type of attribute setting will work with things like
ReadOnly but not things like
What I would like to do is:
- Create a new directory inside a directory that is encrypted.
- Set the encrypted attribute to false in this new directory.
- Fill the new directory with files which will thus not be encrypted.
Is this possible from a script?
Note: I do not want to fill the directory first and then go and call
Decrypt() on every file; this does not solve the problem of having all new files not be encrypted.
It isn’t obvious (and you have to wonder why
System.IO.DirectoryInfo instances don’t expose
.Decrypt() methods, as you have to wonder why attempts to remove the
Encrypted attribute via
.Attributes are quietly ignored), but the
System.IO.File class has static
.Decrypt() methods that also operate on directory paths.
# Create a new dir. inside an encrypted dir., which by default # will have the Encrypted attribute set too. $dirInfo = New-Item -Type Directory -Path $encryptedDir -Name NewUnencryptedDir # Remove the Encrypted attribute, so that files and subdirs. created inside # will be unencrypted. # Note: Be sure to always pass a *full* path, because .NET's current dir. # usually differs from PowerShell's. [IO.File]::Decrypt($dirInfo)
Answered By – mklement0