RE: GPO to encrypt offline files greys but doesn't set the client

Offline files are stored and encrypted locally in the %SystemRoot%\CSC
(hidden)directory. Is that where you are looking to confirm whether the
files are encrypted?

Thanks.
Pat
--
This posting is provided "AS IS" with no warranties, and confers no rights.


"ajfried" wrote:

Clearly the GPO is disabling the user's ability to change the on/off
setting. However it DOES NOT seem to be turning on encryption.

The checkbox is greyed out (evidence that the user can no longer change the
setting) but it IS NOT CHECKED.

I have verified that that when it is in this state, the files are NOT
encrypted. That is, the GPO IS applied, the check box IS greyed out, the
user CANNOT change the setting but the box is NOT checked and the files are
NOT encrypted.

Am I missing something?

Thanks.

"Pat Hoffer [MSFT]" wrote:

The GPO is both enforcing encryption and disabling the user's ability to
change that enforcement. Leaving the option not checked does not mean that
the files are not encrypted. If you configure offline file encryption
through group policy, then group policy is controlling the on/off
setting--not the Control Panel UI.

More details are under "Using Offline Files" on this page:
http://www.microsoft.com/technet/prodtechnol/winxppro/reskit/c06621675.mspx#EFG

Thanks.
Pat

--
This posting is provided "AS IS" with no warranties, and confers no rights.


"ajfried" wrote:

In the description for the the GPO called "Encrypt the Offline Files cache"
it says "If you enable this setting, all files in the Offline Files cache are
encrypted."

When I apply this GPO, the corresponding option on the workstation (Control
Panel | Folder Options | Offline files | ecnrypt offline files to secure
data) DOES get greyed out - so that the cleint cannot chenge the setting.
HOWEVER, the option does NOT get checked. (If it was ALREADY checked it
remains checked). Having the option NOT checked leaves the offline files
UNencrypted.

The intent of the GPO seems to be to enforce encryption, but it seems to
merely disable a user's ability to change it.

Am I missing something? I am pretty sure I have verified that my assessmemt
above is accurate.

Thanks.
.

Relevant Pages

  • Unable to Encrypt Offline Files via GPO or registry & dont want to set manually
    ... I'm trying to apply the setting "Encrypt Offline Files to secure data" to ... Files cache Group Policy. ... with no other settings configured. ... confirmed that those who aren't showing encryption in the check box truly ...
    (microsoft.public.windows.group_policy)
  • Re: Access Denied after Encrypting Offline Cache
    ... Try to manually use EFS on a test folder/file on one of the ... Encryption of the Offline Files cache failed with error 5. ...
    (microsoft.public.windowsxp.security_admin)
  • RE: GPO to encrypt offline files greys but doesnt set the client
    ... When the control panel option is unchecked, ... However it DOES NOT seem to be turning on encryption. ... That is, the GPO IS applied, the check box IS greyed out, the ... More details are under "Using Offline Files" on this page: ...
    (microsoft.public.windowsxp.security_admin)
  • RE: GPO to encrypt offline files greys but doesnt set the client
    ... Without the GPO (greying out the ... When the control panel option is unchecked, ... However it DOES NOT seem to be turning on encryption. ... More details are under "Using Offline Files" on this page: ...
    (microsoft.public.windowsxp.security_admin)
  • Offline file encryption Setup
    ... The notebooks have XP Pro, but our servers are Y2K. ... Is it better to synchronize offline files at logoff or login for mobile ... How come when I try to enable encryption of the offline files on the ...
    (microsoft.public.windowsxp.security_admin)