Adding Files to the Encryption List

2/9/2009

To specify that a file should be encrypted when device encryption is turned on, you must add it to the encryption list.

The following files are encrypted by default when device encryption is enabled. They are added to the encryption list automatically.

Description                     Example location
User documents                  \My Documents
Sync email                      \cemail.vol
PIM data                        \pim.vol
Sync email stream properties    \windows\messaging
Sync email attachments          \windows\messaging\attachments
Temporary internet cache        \windows\profiles\guest\Temporary Internet Files

You use the Specify device encryption file list Group Policy setting to specify the path of the file or group of files that you want to add to the encryption list.

A file path entry has the form [PathSpec][FileSpec], that is, a file specification appended to a path specification, for example \MyDocuments\MyFile.doc.

The path specification has the following characteristics:

  • It cannot be empty.
  • It should begin and end with a backslash "\" unless it consists of only a "\".
  • It can contain the following special identifiers:
    • %CEn%: A Windows Embedded CE string that will be translated into a directory, where "n" is a valid integer value, for example, %CE5% will be changed to "\My Documents".
      If this identifier is present, it must be the first element that follows the starting "\".
    • ...: The current folder and subfolders. If present, it should be the last element.

The file specification has the following characteristics:

  • It cannot be empty.
  • It can contain the following special identifiers:
    • *: All files
    • *.ext: All files that have the specified extension

The following shows examples of how to specify the correct path of any files that you want to add to the encryption list.

Correct path example      Description
\cemail.vol               The cemail.vol file
\MyDocuments\*            All files in the My Documents folder
\MyDocuments\...\*        All files in the My Documents folder and its subfolders
\MyMusic\*.wmv            All .wmv files in the My Music folder
\MyDocuments\...\*.wmv    All .wmv files in the My Documents folder and its subfolders
\...\*.wmv                All .wmv files
\%CE5%\...\*              All files in the folder identified by the Windows %CE5% string

The following shows examples of incorrect file paths.

Incorrect path example    Description
\MyDocuments\...\         No file specification.
\MyDocuments\...          Path does not end in a slash.
\MyDocuments\%CE2%\*      Windows Embedded CE string is not the first element in the path specification.
\MyDocs\...\music\*       ... is not the last element in the path specification.
MyDocuments\*             Path specification does not begin with a \ (backslash).
\%CEabc%\*                Not a valid string for Windows Embedded CE because abc is not an integer.
\MyDocuments\abc*.wmv     You cannot have characters before *.
\MyDocuments\*abc.wmv     * should be the only element when you search for all files of a specific type.
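
The path and file specification rules above can be checked before an entry is typed into the policy. The following validator is an added example, not code from this documentation or from the product. It assumes that the file specification is everything after the last backslash, and check_entry, PAGE_VALID and PAGE_INVALID are names chosen for this example.

```python
import re

CE_ID = re.compile(r"%CE(.*)%")         # %CEn% identifier; n is checked separately
WILDCARD = re.compile(r"\*(\.[^*]+)?")  # "*" or "*.ext", nothing before the asterisk

def check_entry(entry):
    """Return None when the entry is well formed, otherwise the reason it is not."""
    # Assumption: FileSpec is everything after the last backslash.
    cut = entry.rfind("\\") + 1
    path, spec = entry[:cut], entry[cut:]
    if not path:
        return "path specification is empty"
    if not path.startswith("\\"):
        return "path specification does not begin with a backslash"
    if spec == "...":
        return "path specification does not end with a backslash"
    if not spec:
        return "no file specification"
    # A path of only "\" has no elements to inspect.
    elements = path[1:-1].split("\\") if path != "\\" else []
    for i, el in enumerate(elements):
        ce = CE_ID.fullmatch(el)
        if ce and not re.fullmatch(r"[0-9]+", ce.group(1)):
            return "%CEn% needs an integer n"
        if ce and i != 0:
            return "%CEn% must be the first path element"
        if el == "..." and i != len(elements) - 1:
            return "... must be the last path element"
    if "*" in spec and not WILDCARD.fullmatch(spec):
        return "wildcard must be exactly * or *.ext"
    return None

# Entries taken from the correct and incorrect example tables on this page.
PAGE_VALID = [r"\cemail.vol", r"\MyDocuments\*", r"\MyDocuments\...\*", r"\MyMusic\*.wmv",
              r"\MyDocuments\...\*.wmv", r"\...\*.wmv", r"\%CE5%\...\*"]
PAGE_INVALID = ["\\MyDocuments\\...\\", r"\MyDocuments\...", r"\MyDocuments\%CE2%\*",
                r"\MyDocs\...\music\*", r"MyDocuments\*", r"\%CEabc%\*",
                r"\MyDocuments\abc*.wmv", r"\MyDocuments\*abc.wmv"]

if __name__ == "__main__":
    for e in PAGE_VALID + PAGE_INVALID:
        print(f"{e:28} {check_entry(e) or 'OK'}")
```

A rejected entry is worth catching here because a file covered only by a malformed entry may not be encrypted as intended.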

To add a file to the encryption list

  1. In the Group Policy Management Console, expand Group Policy Objects and then locate the target Group Policy object (GPO).

  2. Right-click the GPO, and then select Edit.

  3. In the Group Policy Object Editor, expand Computer Configuration/Administrative Templates/Windows Mobile Settings, and then select File Encryption.

  4. In the details pane, right-click Specify device encryption list, and then select Properties.

  5. In the dialog box, on the Setting tab, choose Enabled, and then choose Show.

  6. In the Show Contents dialog box, choose Add.

  7. In the Add Item dialog box, in the Enter the name of the item to be added box, type the file name or the path of the file or group of files that you want to add to the list. In the Enter the value of the item to be added box, type the file description, if any.

  8. Choose OK. In the Show Contents dialog box, the file name or the path of the file or group of files will appear in the Value Name box and the file description will appear in the Value box.

  9. Choose OK two times to finish the procedure and close the program.
