Skip to main content
DuplicateEncryptionInfoFile function

Copies the EFS metadata from one file or directory to another.


DWORD WINAPI DuplicateEncryptionInfoFile(
  _In_           LPCTSTR               SrcFileName,
  _In_           LPCTSTR               DstFileName,
  _In_           DWORD                 dwCreationDistribution,
  _In_           DWORD                 dwAttributes,
  _In_opt_ const LPSECURITY_ATTRIBUTES lpSecurityAttributes


SrcFileName [in]

The name of the file or directory from which the EFS metadata is to be copied. This source file or directory must be encrypted.

DstFileName [in]

The name of the file or directory to which the EFS metadata is to be copied.

This destination file or directory does not have to be encrypted before the call to this function; however if this function completes successfully, it will be encrypted.

If the value of SrcFileName specifies a file, the value of this parameter must also specify a file, and likewise for directories. If a file or directory with the name specified by this parameter does not exist, a file or directory (depending on whether SrcFileName specifies a file or directory) will be created.

dwCreationDistribution [in]

Describes how the destination file or directory identified by the DstFileName parameter value is to be opened. The following are the valid values of this parameter.


Always create the destination file or directory. Any value passed in this parameter other than CREATE_NEW will be processed as CREATE_ALWAYS.


Create the destination file or directory only if it does not already exist. If it does exist, and this value is specified, this function will fail.


dwAttributes [in]

The file attributes of the destination file or directory. The FILE_READ_ONLY attribute is currently not processed by this function.

lpSecurityAttributes [in, optional]

A pointer to a SECURITY_ATTRIBUTES structure that specifies the security attributes of the destination file or directory, if it does not already exist. If you specify NULL, the file or directory gets a default security descriptor. The ACLs in the default security descriptor for a file or directory are inherited from its parent directory.

Return value

If the function succeeds, the return value is ERROR_SUCCESS.

If the function fails, the return value is a system error code. For a complete list of error codes, see System Error Codes or the header file WinError.h.


Exclusive access to the destination file or directory is required by EFS for the call to this function. If this access is not provided, this function will fail.

The caller should have the EFS key for the source file or directory, and at least the READ_ATTRIBUTE ACL for the source file or directory.

The specified source and destination file or directories should reside on the same computer; otherwise, an error will be returned.

In Windows 8 and Windows Server 2012, this function is supported by the following technologies.


Server Message Block (SMB) 3.0 protocol


SMB 3.0 Transparent Failover (TFO)


SMB 3.0 with Scale-out File Shares (SO)


Cluster Shared Volume File System (CsvFS)


Resilient File System (ReFS)



SMB 3.0 does not support EFS on shares with continuous availability capability.


Minimum supported client

Windows XP Professional [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]


Winefs.h (include Windows.h)





See also

File Encryption
File Management Functions