Short Version

I have files on a ReFS volume where Integrity Stream integrity is Enforced is true.

PS M:\> Get-Item Contoso.vhdx | Get-FileIntegrity

FileName         Enabled  Enforced
--------         -------  --------
M:\Contoso.vhdx  False    True

I want to turn Enforced off:

PS M:\> Get-Item "M:\Contoso.vhdx" | Set-FileIntegrity -Enforce $False
PS M:\> Get-Item Contoso.vhdx | Get-FileIntegrity

FileName         Enabled  Enforced
--------         -------  --------
M:\Contoso.vhdx  False    True

How do i turn off Enforced file integrity?

Long Version

ReFS has a feature known as Integrity Streams. When you enable this optional feature for files, the filesystem maintains a CRC of the file. With this checksum, it can validate that a file has not been damaged.

The down-side of the Integrity Streams feature is:

• if it detects even a single-bit error
• in an otherwise fine 340 GB file (e.g. ProductionServer.vhdx)
• it will delete the entire file

No warning. No question. No appeal. One uncorrectable bit and you lose all your data.

This is what Enforced means. It means that you are forced to suffer complete data loss. And if you didn't like it: you shouldn't have enabled file integrity.

This behavior is quietly documented:

Key Benefits

Resiliency

Salvaging data – If a volume becomes corrupted and an alternate copy of the corrupted data doesn't exist, ReFS removes the corrupt data from the namespace. ReFS keeps the volume online while it handles most non-correctable corruptions, but there are rare cases that require ReFS to take the volume offline.

(emphasis mine)

It's also partially documented in Set-FileIntegrity cmdlet:

-Enforce: Indicates whether to enable blocking access to a file if integrity streams indicate data corruption.

That sounds like the thing that we'd want to not exist. That sounds like the feature that no sane person on the planet would ever want to even exist, let alone have Enabled. And yet it defaults to on.

Note: It says "block", and the first page says "remove". Whatever the terminology: there is no way to access the file ever again. I.e. there is no way to "un-block" it, nor is there any way to "un-remove" it. In all ways that matter your data is gone.

How to turn off Enforced?

The question becomes: how do you turn it off?

You try running the powershell commandlet:

PS M:\> Get-Item "M:\Contoso.vhdx" | Set-FileIntegrity -Enforce $False

And it doesn't work. No error; it just doesn't turn the option off.

How to make it work?

• Yes, running as an administrator.
• Yes, on an elevated powershell.
• Windows Server 2012 (6.2.9200)
• Windows 10 (10.0.17763.864)

tl;dr: How to turn off Enforced file integrity on ReFS?

Enforced has no meaning until file integrity is enabled

I discovered in the intervening months even though file integrity might be Enforced, that enforcement doesn't have any effect until file integrity is Enabled.

If Enabled is $False, then the value of irrelevant.

File-Integrity

| Enabled | Enforced | Result    |
|---------|----------|-----------|
| $False  | n/a      | No effect | (Default) Irreparable damage will **not** cause the file to be deleted
| $True   | $False   | Good      | A good choice that you have to opt-into. File damage will be found, and simply reported in the event log
| $True   | $True    | Disaster  | Any damage that cannot be repaired and your file will be deleted without warning

I don't know why anyone would choose to enforce catastrophic data loss; but there the option is.

More information about the intentionlly deleting your data feature

I found a well hidden Word document by Microsoft. Application Compatibility with ReFS.docx:

Application Compatibility with ReFS

Microsoft Corporation
Published: March 2012

It mentions the feature (paradoxically termed "Salvage"), that instantly deletes your data:

1.7 Salvage

To maximize the availability of data on a volume, ReFS implements “salvage”, a feature that will remove corrupt data from the namespace in the event that the corruption cannot be automatically repaired. The intention behind this feature is to ensure that non-repairable corruption does not adversely affect the availability of non-corrupt data. If, for example, a single file in a directory were to become corrupt and could not be automatically repaired, salvage will remove that file from the file system namespace. A corrupt file cannot be opened or deleted by the file system, making it impossible for an Administrator to respond. With salvage, an Administrator can recover that file from a backup or have the application re-create it. Salvage is compatible with user files, directories, and other file system metadata.

For file system filter drivers, you must implement code that can gracefully react to a file or directory disappearing suddenly.

Note that ReFS does not require chkdsk and chkdsk will never run on a ReFS volume.

The rational for deleting files is…tautological:

this feature is to ensure that non-repairable corruption does not adversely affect the availability of non-corrupt data.

That doesn't make any sense, either in programming, logic, or english. But there it is.