GPO to encrypt offline files greys but doesn't set the client chec

[Guest]

In the description for the the GPO called "Encrypt the Offline Files cache"
it says "If you enable this setting, all files in the Offline Files cache are
encrypted."

When I apply this GPO, the corresponding option on the workstation (Control
Panel | Folder Options | Offline files | ecnrypt offline files to secure
data) DOES get greyed out - so that the cleint cannot chenge the setting.
HOWEVER, the option does NOT get checked. (If it was ALREADY checked it
remains checked). Having the option NOT checked leaves the offline files
UNencrypted.

The intent of the GPO seems to be to enforce encryption, but it seems to
merely disable a user's ability to change it.

Am I missing something? I am pretty sure I have verified that my assessmemt
above is accurate.

Thanks.

 

[Guest]

The GPO is both enforcing encryption and disabling the user's ability to
change that enforcement. Leaving the option not checked does not mean that
the files are not encrypted. If you configure offline file encryption
through group policy, then group policy is controlling the on/off
setting--not the Control Panel UI.

More details are under "Using Offline Files" on this page
http://www.microsoft.com/technet/prodtechnol/winxppro/reskit/c06621675.mspx#EFG

Thanks.
Pat

 

[Guest]

Clearly the GPO is disabling the user's ability to change the on/off
setting. However it DOES NOT seem to be turning on encryption.

The checkbox is greyed out (evidence that the user can no longer change the
setting) but it IS NOT CHECKED.

I have verified that that when it is in this state, the files are NOT
encrypted. That is, the GPO IS applied, the check box IS greyed out, the
user CANNOT change the setting but the box is NOT checked and the files are
NOT encrypted.

Am I missing something?

Thanks.

 

[Guest]

Offline files are stored and encrypted locally in the %SystemRoot%\CSC
(hidden)directory. Is that where you are looking to confirm whether the
files are encrypted?

Thanks.
Pat

 

[Guest]

That is exactly where I am looking. Without the GPO (greying out the
option), I can check and uncheck the box. When checked, if I look at the
advanced attributes of a file in a CSC folder, I see the "encrypt" check box
checked (in Windows explorer). If I go to a command prompt and type to TYPE
a file, I get "access denied". When the control panel option is unchecked, I
can see the contents of a file (for my testing, I have but one file so even
though the file name under CSC is some random file name in some meaningless
subfolder name, I know what the contents should be) and the file properties
show that it is NOT encrypted.

When I have the GPO on, the control panel option is grey but not checked and
the files under CSC are NOT encrypted.

Thanks.

 

[Guest]

I believe the problem could be about whether the local user is a local admin.

See this hotfix:

http://support.microsoft.com/default.aspx?scid=kb;en-us;810859

Not terribly pretty.