yup. SetEncryption should do it - just set a drive that does not exist and it should decrypt the rest.
BUT, are you sure you want to decrypt the drive - perhaps what you really want is to remove EEPC (encryption plus boot code) - that's a different question/matter though. To do that you'll need to move the machine into a group with the activation state set to "disable", and then do a SetGroupConfig
Are you sure that you want to leave it in customer's hands (decrypt drive)? How will you control that they remove encryption only where is needed?
You can run scripted (scheduled) operations on database machine objects or use EEM to perform that manually.
We aren't leaving it in the hands of the user. A task will be deployed via SCCM that does a basic health check of the user's system to determine the probability of success for an inplace windows XP to 7 migration--drive space, chkdsk, data set size, hard drive fitness test, status of internet backup. The only piece we hadn't worked out was decrypting for data migration. We will decrypt the drive and set a timer in the registry. If the user has not run the Win7 migration task within 48 hours, the machine will be reencrypted.