1). I have encountered a very hindering issue with the file & folder encryption today. We created a policy, telling the client to encrypt nsf files whenever notes.exe saves one.
Well, it didn't.
Everything inside the "program files" directory seems to have the encryption "enforced by a policy", which is stated in the respective directory's properties on the encryption tab.
I... COULD... change the encryption key on the program files directory level, but that's not what I want.
Moving the nsf file to the desktop, manually encrypting it and putting it back works fine, but I can't do that with hundreds of files.
So are there any hardcoded directories in FFE and if so, how can I take influence on them?
2). There are predefined "variables" in the Folder dropdown list, like [COMMON FILES], etc. Are these configurable? If I want to tell the policy to encrypt a local folder via UNC, how can I do that without creating a share? The string \\%COMPUTERNAME%\C$\folder resolves correctly from the windows explorer, but the FFE policy doesn't seem to translate that.
1. Program files is hard excluded to stop Windows getting messed up - Microsoft have prohibited applications from storing data in the program files tree for many years - I'm surprised something as common as Notes still does so. It's meant to store data in the user profile, or applicationdata folders.
I would speak to your account manager re getting a feature request raised if this is important.
2. No, you can't add more - these are the ones again described by Microsoft. If you want to encrypt something on the C: drive, just use "c:\... " etc (why would you want to use a UNC for a local path?)
If you must use a UNC, then it needs to be a real UNC, not one with an environment variable in (they are only handled by explorer and a command window, and are not necessarily set in accounts other than the current logged in user).