Encryptable files - is there a list of defaults to which the Admin's configuration is added?

Coordinator
Jun 7, 2007 at 1:29 AM
The EFS Assistant Administrator's guide states the following:

"If this capability i.e. folder content classification is enabled, the tool will examine the contents of an Unclassified folder and, if every file in that folder is on the list of encryptable files, it will classify the folder as Green and attempt to encrypt it."

What exactly is the "list of encryptable files"? Nowhere else in the document is that term used.

Elsewhere it is implied that only file extensions specified in the File types to encrypt Group Policy setting (i.e. under the FileExtensionsToEncrypt key) are considered the encryptable files:

"If the tool is running in Encrypt Specified and Content Classified Folders mode and the folder is not on either the Green or Red lists, it considers the contents of the folder. If the folder contains only encryptable data files (as configured by the administrator), the tool classifies the folder as Green."

In pre-release versions of EFS Assistant, the tool had the ability to classify data files based on a hard-coded list of file extensions that far exceeded what most Administrators would want to enter by hand in the Group Policy UI. Whatever happened to that list (and the default capability to find all those data file types)?
Coordinator
Jun 10, 2007 at 5:13 PM
Content classification of folders is based on the "File types to encrypt" registry setting. I think this is adequately described in Chapter 2 to of the Administrator's Guide, and again in Chapter 3.

Regarding the prepopulated list of file types, we decided to take a different tack and eliminated that list. We realized that this would make it less likely for folders to get encrypted, so we compensated by adding the ability to encrypt files individually (Encrypt Individual Files in the Group Policy template). We felt that this was a decent tradeoff since most organizations know the types of data files that they deal with.

It would be fairly simple to add a prepopulated list of data file types to the community edition of the tool.