This article describes Persistent Encryption and how to enable or disable it.
SafeGuard LAN Crypt Client v.3.7x and above
All supported operating systems
Windows/Windows Explorer and encryption
A new (optional) extension in Windows Explorer makes sure that encrypted files remain encrypted during copy and/or move operations, even if there is no encryption rule defined for the target path.
IMPORTANT: note that this feature is only available for operations in Windows Explorer. Operations in the command line and complex copy operations like “Save as…” started from different applications cannot be captured by the filter driver.
SafeGuard LAN Crypt Persistent Encryption
There is a new feature in SafeGuard LAN Crypt (SGLC) version 3.7x, that warns the user if a copy operation would decrypt an encrypted file if there is no encryption rule on the target directory.
The checking procedure can be disabled in the SGLC Configuration (gpedit.msc) or you can simply select the "don't show this warning again" checkbox.
There are six different warnings that are shown if "Persistent Encryption" is enabled, and a copy operation would cause an encrypted file to be decrypted. The warnings are as follows:
- An ignore rule is set on the destination folder: <FOLDER>.
- An exclude rule is set on the destination folder: <FOLDER>.
- The destination drive is set as unhandled device: <DEVICE>.
- The destination drive is set as unhandled drive: <DRIVE>.
- The filesystem of the destination drive is not supported: <FILESYSTEM>.
- The filesystem of the destination drive is unknown.
- If you select "Don't show this warning again" then the warning "The filesystem of the destination drive is unknown" will no longer be shown, but the other five warnings will still be shown.
- If you select "Don' show any warning again" then all of the six warnings will no longer be shown.
What to do
1- To enable or disable Persistent Encryption via the Registry of the client:
- Go to Start | Run and type regedit. You need administrative rights to change settings in the registry.
- Change to the Key
HKLM\Software\Policies\Utimaco\SGLANCrypt\LCShellx (Computer policy) or
HKEY_CURRENT_USER\Software\Policies\Utimaco\SGLANCrypt\LCShellx ( User policy)
- Set Value data of DWORD Value "PersistentEncryptionEnabled" to
0 to disable Persistent Encryption and to
1 to enable Persistent Encryption.
NOTE: if the Value name "PersistentEncryptionEnabled" does not exist in the Registry Key LCShellx, it means that Persistent Encryption is active by default.
2- Using configuring group policy:
Computer Configuration | Windows Settings | SafeGuard | LAN Crypt Configuration | Persistent Encryption