Encrypting the Offline Files cache

Anonymous
December 20, 2004 7:33:02 AM

Archived from groups: microsoft.public.windowsxp.security_admin

I've the following situation:
- Active Directory W2K3, using OUs and GPOs for controlling settings on the clients
- Windows XP SP2 clients (laptops)
- "My Documents" is redirected to the users' homeshare and made available offline
- The Offline Files cache encryption is enabled using a GPO setting
- EFS is enabled for users using default Domain GPO
- The domain administrator is the default data recovery agent

Question:
How can I check if the CSC (cache) directory is encrypted (automatically) on the client?

Additional info:
- I've used the EFSINFO resource kit tool to check if the CSC is encrypted. It says "not encrypted".
- When I display the attributes belonging to the CSC directory, there is no "E" attribute for encrypted.
- There is no user certificate on the client, which I think should be present.

What is going wrong here?

Thanks in advance.
Anonymous
December 21, 2004 6:56:18 PM

The user interface on the client is the best way to check. The UI
has logic to decide whether the "encrypt" option is available (unencrypted)
or not an option (unsupported client or already encrypted on a supported
client configuration).

Encryption of the cached items for client side caching is done within the
cached items database, so it will not display as encrypted as other file
system objects would (like an encrypted Word doc) even if it is encrypted.

If you have a need to prove that the items are encrypted for a security
audit, please contact Microsoft Product Support Services and we can help.
You should not be charged for this incident if that is all you need.

Please repost if you have any additional questions or concerns.
--

Tim Springston
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Anonymous
December 28, 2004 8:45:10 AM

Hello Tim,

Thanks for your reply. But I'm still puzzled.

When the Offline Files cache is encrypted there should be at least a
self-signed user certificate (for EFS) in the local certificate store on the
client, or not?

In my case there was no certificate. Can I therefore make the conclusion
that nothing is encrypted on the client (including the Offline Files cache)?

Thanks,

Helmuth