How "secure" are encrypted offline files?
As we test Windows 7, some employees are really enjoying folder redirection & offline files for "My Documents", etc. At the same time though, we have some educated users with administrative rights on their machines to install/test software.

This got me thinking - if offline files are stored locally for cache, then a local machine administrator could take ownership of a folder and read through files, right? This is no good - if Jim uses Bob's computer for a day (and Bob has admin rights), then Bob can later look at Jim's offline files.

I attempted to test this by taking ownership of C:\Windows\CSC, but after 3 hours of what seemed to be a stall - I quit unsuccessfully. However other articles seem to mention a CSCCMD program that can be used to export data from an offline cache. I did not try it.

I did find an option to encrypt offline files. I tested this with Ubuntu, and found that encryption successfully keeps me from getting offline files from another operating system (I am still able to see thumbnails of images and read folder/file names, but am unable to open any files). Very nice. However I am still unsure if a local admin could somehow get access to offline files.

Are offline files safe from a local admin if they are encrypted? If not, how can you get to them? Not trying to hack, but just testing the waters before I fully deploy Windows 7 & folder redirection to the rest of the company.
November 2nd, 2010 12:29am

Hello Lucky,

Thanks for your post in our forum.

By default, a local administrator has high permission on the file system, as well as system files less protected. Therefore, there is usually a way for a local administrator to get the private content belonging to another user, no matter if it is in user profile or offline folder/files.

As an enterprise-level encryption method, we have involved EFS since Windows 2000 Server, and it is enhanced in Windows 7 / Windows Server 2008 R2. They have the same basic similarities among versions of Windows. I recommend you refer to the following article:

How to Encrypt Offline Files
http://technet.microsoft.com/en-us/library/bb456987.aspx

Hope it helps and have a nice weekend!

Regards,
Miya Yao
November 5th, 2010 7:18am

Thanks Miya,

So non-encrypted offline files are definitely accessible by a local administrator. However if I encrypt offline files, can a local administrator still access them?

The CSC runs as a SYSTEM process and therefore may be accessed by any user or process that may run as SYSTEM or act as a SYSTEM process. This includes administrators on the local machine. Therefore, when sensitive data is stored in offline folders, administrative access should be restricted to users and SYSKEY should always be used to thwart offline attacks.

I am thinking this means "yes", an administrator could still read encrypted offline files. Correct?
November 5th, 2010 3:05pm

Hello Lucky,

There are some differences of EFS between Windows XP and Windows Vista/7. According to the following document:

Windows Vista: Encrypting File System
http://technet.microsoft.com/en-us/library/cc749610(WS.10).aspx

Offline copies of files from remote servers can also be encrypted by using EFS. When this option is enabled, each file in the offline cache is encrypted with a public key from the user who cached the file. Thus, only that user has access to the file, and even local administrators cannot read the file without having access to the user's private keys.

Thanks.

Regards,
Miya
November 8th, 2010 8:41am

Ahh, thank you very much Miya. This is what I was hoping for. I appreciate it greatly!
November 8th, 2010 2:02pm

This topic is archived. No further replies will be accepted.
