RE: GPO to encrypt offline files greys but doesn't set the client
- From: ajfried <ajfried@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 18 Apr 2006 08:23:03 -0700
I believe the problem could be about whether the local user is a local admin.
See this hotfix:
http://support.microsoft.com/default.aspx?scid=kb;en-us;810859
Not terribly pretty.
"ajfried" wrote:
That is exactly where I am looking. Without the GPO (greying out the.
option), I can check and uncheck the box. When checked, if I look at the
advanced attributes of a file in a CSC folder, I see the "encrypt" check box
checked (in Windows explorer). If I go to a command prompt and type to TYPE
a file, I get "access denied". When the control panel option is unchecked, I
can see the contents of a file (for my testing, I have but one file so even
though the file name under CSC is some random file name in some meaningless
subfolder name, I know what the contents should be) and the file properties
show that it is NOT encrypted.
When I have the GPO on, the control panel option is grey but not checked and
the files under CSC are NOT encrypted.
Thanks.
"Pat Hoffer [MSFT]" wrote:
Offline files are stored and encrypted locally in the %SystemRoot%\CSC
(hidden)directory. Is that where you are looking to confirm whether the
files are encrypted?
Thanks.
Pat
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"ajfried" wrote:
Clearly the GPO is disabling the user's ability to change the on/off
setting. However it DOES NOT seem to be turning on encryption.
The checkbox is greyed out (evidence that the user can no longer change the
setting) but it IS NOT CHECKED.
I have verified that that when it is in this state, the files are NOT
encrypted. That is, the GPO IS applied, the check box IS greyed out, the
user CANNOT change the setting but the box is NOT checked and the files are
NOT encrypted.
Am I missing something?
Thanks.
"Pat Hoffer [MSFT]" wrote:
The GPO is both enforcing encryption and disabling the user's ability to
change that enforcement. Leaving the option not checked does not mean that
the files are not encrypted. If you configure offline file encryption
through group policy, then group policy is controlling the on/off
setting--not the Control Panel UI.
More details are under "Using Offline Files" on this page:
http://www.microsoft.com/technet/prodtechnol/winxppro/reskit/c06621675.mspx#EFG
Thanks.
Pat
--
This posting is provided "AS IS" with no warranties, and confers no rights.
"ajfried" wrote:
In the description for the the GPO called "Encrypt the Offline Files cache"
it says "If you enable this setting, all files in the Offline Files cache are
encrypted."
When I apply this GPO, the corresponding option on the workstation (Control
Panel | Folder Options | Offline files | ecnrypt offline files to secure
data) DOES get greyed out - so that the cleint cannot chenge the setting.
HOWEVER, the option does NOT get checked. (If it was ALREADY checked it
remains checked). Having the option NOT checked leaves the offline files
UNencrypted.
The intent of the GPO seems to be to enforce encryption, but it seems to
merely disable a user's ability to change it.
Am I missing something? I am pretty sure I have verified that my assessmemt
above is accurate.
Thanks.
- References:
- RE: GPO to encrypt offline files greys but doesn't set the client
- From: Pat Hoffer [MSFT]
- RE: GPO to encrypt offline files greys but doesn't set the client
- From: ajfried
- RE: GPO to encrypt offline files greys but doesn't set the client
- Prev by Date: Re: WinXP TCP/IP connection logging?
- Next by Date: Re: Administrator Interactive logon XP Home
- Previous by thread: RE: GPO to encrypt offline files greys but doesn't set the client
- Next by thread: Powering off is the only way to restart or shutdown!
- Index(es):
Relevant Pages
|
