Reference Guide
Security Management Server - AdminHelp v9.8
167
Important: Before you begin, you must understand directory protection, as well as when and how to
override directories and file types. If you do not completely understand the information included in this
section, as well as the encryption settings that currently exist on your environment, do not attempt to
override protected directories.
Do not encrypt files with the extension tmp. Encrypting .tmp files may result in an unbootable computer
and/or require reformatting drives.
Protected Directories
The Encryption client has several directories that are, by default, protected from encryption. The level of
protection varies from folder to folder. If a folder is protected, then the only way to encrypt data within
that directory is to use the override modifier described in Modifiers – What they are and what they do
.
There are four levels (categories) of protection that directories and files can have: 0, 1, 2, and 3. Category 3
is the most protected level.
The following directories have Category 0 exclusions (including subfolders unless specified):
NOTE: All exclusions may not apply in all environments.
%SYSTEMDRIVE% (no subfolders)
Profile directory ("C:\Documents and Settings" in XP and "C:\Users" in Win7)
%SYSTEMROOT%
Default user profile ("C:\Documents and Settings\Default User" in XP and "C:\Users\Default" in Win7)
CSIDL_PROGRAM_FILES
CSIDL_PROGRAM_FILESX86
%SYSTEMROOT%\Driver Cache\i386
<Windows File Protection> ([HKLM\Software\Microsoft\Windows NT\CurrentVersion]
SourcePath:REG_SZ)
%SYSTEMDRIVE%\I386
CSIDL_COMMON_APPDATA
%SYSTEMROOT%\temp\WgaErrLog.txt
F#:\boot
CSIDL_COMMON_APPDATA\Credant
CSIDL_COMMON_APPDATA\Dell\Dell Data Protection
CSIDL_COMMON_APPDATA\CmgAdmin.log
F#:\bootmgr
%SYSTEMROOT%\SysWOW64
CSIDL_COMMON_APPDATA\Microsoft\Windows\Caches
CSIDL_PROGRAM_FILES\Symantec
CSIDL_PROGRAM_FILESX86\Symantec
CSIDL_PROGRAM_FILES_COMMON\Symantec
CSIDL_PROGRAM_FILES_COMMONX86\Symantec