
Unsolved


1 Message

795

July 17th, 2020 08:00

When unlocking DDPE files, are the files still "encrypted"?

My company uses DDPE to encrypt the data on our laptop, but for backing up the files, we have to use the Admin Utility CmgAU to unlock the files first before moving the user's profile to a secure file store. I have come across an issue with our older accounts (8 plus years old) that when I move these files from our secure file store to my local computer and encrypt them again to be sent to our legal department, they do not encrypt. They give an error that the data is not recognized. It does not happen to newer Active Directory accounts, only our older Active Directory accounts. I have a few questions about this issue.

1. Is this an issue with our older accounts because of the settings/version of the server they were created on? We have upgraded the server version through the years but have not created a new server.

2. Is there a way to re-lock the files instead of trying to encrypt them again?

3. If not, is there a tool to encrypt the files other than trying through "encrypting for sharing"?

Moderator


146 Posts

July 27th, 2020 08:00

Hi @Azura Doug,

When you use a utility like CmgAU, the files for that computer name or device identifier will be unlocked. While CmgAU is running, anything that is opened will be read from the disk and displayed as plain text. The file saved on the disk, though, will always remain encrypted until that file is either decrypted via uninstall \ policy changes or moved from the local disk to a network share.

For these really old profiles, do we know if they were removed from the client's machine in the same workflow you are doing now? It sounds like they were possibly pulled from the disk with no utilities running, in which case we could be double encrypting them when you're copying them back down; or, if there's a hidden file that we use to track encryption status, the new agent is seeing that and not touching the files, but the new agent does not have the encryption keys used to protect those files, so they cannot be opened.

It also could be a scenario where the files that were encrypted that long ago were done via a legacy method that the new client has to have a registry tweak to understand.

Recovery scenarios like this are always fluid and difficult to troubleshoot via our forums. If you don't mind, raise a ticket with our support teams (contact info in my signature), reference this thread, and the techs can escalate it to an L3 resource that will be able to assist live and get it figured out.
