Showing results for 
Search instead for 
Did you mean: 
Level 7

Build 5701 FFE: restricted directories?

Hi guys...

Today I need you help on two questions:

I have encountered a very hindering issue with the file & folder encryption today.
We created a policy, telling the client to encrypt nsf files whenever notes.exe saves one.

Well, it didn't.

Everything inside the "program files" directory seems to have the encryption "enforced by a policy", which is stated in the respective directory's properties on the encryption tab.

I... COULD... change the encryption key on the program files directory level, but that's not what I want.

Moving the nsf file to the desktop, manually encrypting it and putting it back works fine, but I can't do that with hundreds of files.

So are there any hardcoded directories in FFE and if so, how can I take influence on them?

There are predefined "variables" in the Folder dropdown list, like [COMMON FILES], etc.
Are these configurable?
If I want to tell the policy to encrypt a local folder via UNC, how can I do that without creating a share?
The string \\%COMPUTERNAME%\C$\folder resolves correctly from the windows explorer, but the FFE policy doesn't seem to translate that.

0 Kudos
1 Reply
Level 21

RE: Build 5701 FFE: restricted directories?

1. Program files is hard excluded to stop Windows getting messed up - Microsoft have prohibited applications from storing data in the program files tree for many years - I'm surprised something as common as Notes still does so. It's meant to store data in the user profile, or applicationdata folders.

I would speak to your account manager re getting a feature request raised if this is important.

2. No, you can't add more - these are the ones again described by Microsoft. If you want to encrypt something on the C: drive, just use "c:\... " etc (why would you want to use a UNC for a local path?)

If you must use a UNC, then it needs to be a real UNC, not one with an environment variable in (they are only handled by explorer and a command window, and are not necessarily set in accounts other than the current logged in user).
0 Kudos