Author
18 Mar 2009 1:46 PM
Steven
I found the KB article 810859 and it sounded perfect for my issue however
after testing this in 3 different environments it still does not work.

1.) I downloaded the hotfix but my existing version was higher so it did not
need to be added.
2.) My system.adm was newer and already had the CLIENTEXT entry
3.) the clients have the CSID in the registry

I'm assuming that the contents of the CSC should be green if encrypted as
that is the default.

This is an important feature for our mobile non-admin users.

Any suggestions?
--
Steve

Author
18 Mar 2009 2:59 PM
Meinolf Weber [MVP-DS]
Hello Steven,

So if the article does not really help please describe your problem and also
post error messages you have.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm



Author
18 Mar 2009 6:56 PM
Steven
The "Encrypt the Offline Files cache" Group Policy setting does not take
effect when a user logs on to a Windows XP-based computer
--
Steve



Author
20 Mar 2009 8:32 PM
Ace Fekay [Microsoft Certified Trainer]
In news:A51EF9BE-67CC-476B-BF61-2D7FFEDB5E2E@microsoft.com,
Steven <Ste***@discussions.microsoft.com>, posted the following:
> The "Encrypt the Offline Files cache" Group Policy setting does not
> take effect when a user logs on to a Windows XP-based computer



After applying the hotfix, have you tried to completely clear Offline Files
on the laptop, restart, delete the CSC folder? This will build a new client
side cache and the hotfix should take effect.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
ace***@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Author
20 Mar 2009 11:43 PM
Steven
Thank you for the reply Ace.
Yes I deleted the cache but I did not try to delete the CSC folder, I was
hoping for more of an enterprise fix but I will try it and if that works I'll
make that work for us.

But I also find myself in somewhat of a catch 22.

I disabled EFS because we use DFSR and because we didn't want users
encrypting shared files and blocking others out, but I needed to enable it to
encrypt the offline cache. If there was a way to either remove the Advanced
button from the files and folder properties so users could not selectively
use EFS or if there was a way to apply EFS locally only and not to network
shares.

See my dilemma, does that make sense?

Thanks for your help.
--
Steve



Author
21 Mar 2009 1:31 AM
Ace Fekay [Microsoft Certified Trainer]
In news:E44FBD1B-1001-470B-8DDC-D36CBE172985@microsoft.com,
Steven <Ste***@discussions.microsoft.com>, posted the following:
> Thank you for the reply Ace.
> Yes I deleted the cache but I did not try to delete the CSC folder, I
> was hoping for more of an enterprise fix but I will try it and if
> that works I'll make that work for us.
>
> But I also find myself in somewhat of a catch 22.
>
> I disabled EFS because we use DFSR and because we didn't want users
> encrypting shared files and blocking others out, but I needed to
> enable it to encrypt the offline cache. If there was a way to either
> remove the Advanced button from the files and folder properties so
> users could not selectively use EFS or if there was a way to apply
> EFS locally only and not to network shares.
>
> See my dilemma, does that make sense?
>
> Thanks for your help.

Hi Steve,

My pleasure for the response. The usual steps when dealing with offline
files repairs or issues, is to turn it off, restart, then delete the CSC
folder. The folder is all the cached previous data, and if there's something
amiss with the previous configuration, and you reuse it without deleting,
the issue will be back.

As for the encryption and GPO issue, give this a shot if the KB hotfix
doesn't work - make the person a local admin on the laptop first, then have
him log in. I believe the restrictions, that is if the KB doesn't work, is
because of the CSC folder being in the \system32 folder and a
permissions thing. Curious if that will work.

Ace
Author
21 Mar 2009 2:57 AM
Steven
Thanks again for your latest response.

Deleted the CSC folder and now everything works exactly as it should, thanks.
The offline sync process is substantially slower but nevertheless everything
works now as it should. This brings me to the last step of my research.

How do I prevent users from encrypting network files and folders yet allow EFS
to work locally only?
--
Steve



Author
21 Mar 2009 5:02 AM
Ace Fekay [Microsoft Certified Trainer]
In news:C8A17CAF-902E-4D44-973D-431FFF589CE3@microsoft.com,
Steven <Ste***@discussions.microsoft.com>, posted the following:
> Thanks again for your latest response.
>
> Deleted the CSC folder and now everything works exactly as it should,
> thanks. The offline sync process is substantially slower but
> nevertheless everything works now as it should. This brings me to the
> last step of my research.
>
> How do I prevent users from encrypting network files and folders yet
> allow EFS to work locally only?
>

Glad the CSC thing was helpful. I think once it's caught up, the sync
process should be the same speed. Keep in mind, database files (mdb, pst,
ost, etc) do not work with Offline Files.

As for preventing EFS on remote servers, that is a GPO setting on the
server's OU that can be set by going into the Encrypting File System setting
and changing it to disallow users from encrypting files or by leaving the
Encrypted Data Recovery Agent policy set to empty (depending on the OS).
Then apply the GPO to the OU containing only your servers. If on a DC,
create a separate GPO instead of altering the Default Domain Controller
policy.

Read this for more info:
http://marc.info/?l=focus-ms&m=111697225619020&w=2

Encrypting File System
http://technet.microsoft.com/en-us/library/cc749610.aspx

Ace
Author
21 Mar 2009 4:26 PM
Steven
Thanks again Ace, I agree with you and this makes perfect sense however I
tried it before and the clients stopped encrypting, said it was disabled. I
think I am having problems with my policy inheritance. Typically the child OU
would apply its GPO last, so therefore I have disabled at parent OU and
enabled at child OU.

Example:

Domain Policy (Allowed by default)
     |
     Computer OU (not allowed)
                     |
                      PC OU (inherited)
                     |
                      Mobile OU (allowed)

Notebooks in the Mobile OU state the encryption is disabled when I try to
encrypt a local file. Only works if I allow at parent OU.


Any suggestions?

--
Steve



Author
21 Mar 2009 10:50 PM
Ace Fekay [Microsoft Certified Trainer]
In news:4D54DE58-E047-4162-A09E-94788DDC1D70@microsoft.com,
Steven <Ste***@discussions.microsoft.com>, posted the following:
> Thanks again Ace, I agree with you and this makes perfect sense
> however I tried it before and the clients stopped encrypting, said it
> was disabled. I think I am having problems with my policy
> inheritance. Typically the child OU would apply its GPO last, so
> therefore I have disabled at parent OU and enabled at child OU.
>
> Example:
>
> Domain Policy (Allowed by default)
>     |
>     Computer OU (not allowed)
>                     |
>                      PC OU (inherited)
>                     |
>                      Mobile OU (allowed)
>
> Notebooks in the Mobile OU state the encryption is disabled when I try
> to encrypt a local file. Only works if I allow at parent OU.
>
>
> Any suggestions?
>


I believe you are trying to apply it to the laptops. It is a user account
setting. If you create an OU just for laptop users, and move a test laptop
user into it, does it work?

Ace
Author
22 Mar 2009 10:06 PM
Steven
Windows XP, it is a computer setting.
The computers OU is set to disallow, the mobile OU is a child of the
computers OU and set to allow but the parent setting keeps overwriting it
even though the mobile OU policy has number one precedence. Even if I
enforce. All other mobile policies are applied correctly it is just this
specific "encrypting file system" policy at the child level that is being
overwritten by the parent policy, very strange.
--
Steve



Author
23 Mar 2009 2:42 AM
Ace Fekay [Microsoft Certified Trainer]
In news:3BBDD0A4-B8E7-41AC-A821-61C83477750E@microsoft.com,
Steven <Ste***@discussions.microsoft.com>, posted the following:
> Windows XP, it is a computer setting.
> The computers OU is set to disallow, the mobile OU is a child of the
> computers OU and set to allow but the parent setting keeps
> overwriting it even though the mobile OU policy has number one
> precedence. Even if I enforce. All other mobile policies are applied
> correctly it is just this specific "encrypting file system" policy at
> the child level that is being overwritten by the parent policy, very
> strange.

Is there a loopback policy set? That would be the only thing I can think of
if the computer section is being overwritten.

See if this helps out.
http://www.windowsecurity.com/articles/Controlling-Encrypting-File-System-EFS-Group-Policy.html

Ace
Author
23 Mar 2009 10:15 PM
Steven
Oddly enough I have had other policies that acted like this in several
different environments but I have always found a way around it, thank you
Microsoft. In this case it's a bummer that I can't get the child to work the
way I want but I can still make it work by just controlling the parent
differently. All is good and thank you for your time.

Steve
--
Steve



Author
23 Mar 2009 10:30 PM
Ace Fekay [Microsoft Certified Trainer]
In news:9F363CA9-D49F-4B31-95AE-DD7D35E658CC@microsoft.com,
Steven <Ste***@discussions.microsoft.com>, posted the following:
> Oddly enough I have had other policies that acted like this in several
> different environments but I have always found a way around it, thank
> you Microsoft. In this case it's a bummer that I can't get the child
> to work the way I want but I can still make it work by just
> controlling the parent differently. All is good and thank you for
> your time.
>
> Steve

I'm glad you found a workaround. Post back if there are any more problems.

Ace
