Moving software User Folders onto an encrypted Disk...

Page 2 of 2 FirstFirst 12

  1. Kari
    Posts : 17,661
    Windows 10 Pro
       New #11

    dalchina said:
    Further, if the user profile were on a second disk, wouldn't it be necessary to perform disk imaging in a way that took that into account?
    Yes. Not an issue, though.

    An example: the easiest way to create a system image with Macrium Reflect is to choose the highlighted option in screenshot:

    Moving software User Folders onto an encrypted Disk...-image.png

    It creates an image containing UEFI / BIOS system partitions, and Windows partition (C:).

    In my case, it is not enough.

    Following screenshot shows my disk layout. Partition C: on primary disk (#1 in screenshot), partitions for installed software, relocated Users folder, Hyper-V virtual machines, and my deployment images on secondary disk (#2). and external disks (#3):

    Moving software User Folders onto an encrypted Disk...-image.png

    I must always include all UEFI system partitions and C: drive on primary disk, and partitions D: and E: on secondary disk to create a system image. I do not have to include partitions F: and G: in system image, because all my virtual machines and deployment images are separately backed up on external H: drive.

    If I only image the primary disk, restoring it would of course work, restored Windows finding installed software on drive D: and user profiles on E: drive, but it would not restore any changes on D: and E: since the backup was made.

    This is the only, but really minor, inconvenience in relocating complete Users folder to another drive.

    Kari
      My Computer
    Quote Quote

  3. supermammalego
    Posts : 161
    Windows 10
       New #12

    How are you going about encrypting the drive? You have to remember that Windows won't know how to decrypt your drive unless it's told how to do it. Usually using BitLocker as an integrated solution is far better because the encryption/decryption process is automatic and, like I said, integrated into Windows. Everytime you start Windows up you will be asking for an encryption key. I'm not sure though how Windows would respond to individual areas of the OS being isolated and then requiring individual attention to encrypt/decrypt before use. Usually when you compartmentalize things like this you have to know what you're doing to ensure things keep running together. Windows would need to be aware that X folder is encrypted, Y folder is encrypted and Z folder is encrypted and X, Y, Z are folders relating to user folders or something similiar.

    Otherwise you're practically on your own. Ease of use goes out of the window at this point because most encryption software is designed solely for indepedent use and not for full integration into the Windows operating system as a means of replicating built-in features in Windows. You might be able to encrypt/decrypt files on the fly and do similiar things but entire drives and their contents when mounted to a Windows operating system is a little different. It's like using third-party software to emulate Windows built-in software - if there is not full compatibility and ease of use you're severely limited unless the software caters to this gap by plugging it. And from my experience, most encryption software are designed solely for specific tasks and not for comprehensive integration into the entire operating system.

    What program are you planning to use to encrypt the drives? Are you actually encrypting the whole drive in place or are you encrypting individual folders on the drive? Do you also know that SSD encryption has pretty serious flaws in it because of how SSD works as opposed to HDD? What encryption algorithm are you using? Will you be using password/passphrase protection or keyfiles, cards, sticks etc?

    It may be possible you cannot both move the user folder and encrypt it while also being able to keep access. If Windows doesn't recognise where the user folders are and cannot mount them before encryption you have an issue because, like I said, you will have to mount them yourself everytime you use your computer. And this will get tedious. Plus you will also be vulnerable the minute you decrypt them as the longer these folders are decrypted the less of a difference it makes when they become encrypted if there was to be sensitive information accessed by an attacker. Ideally encryption works best when the state of the drive is inactive and is not in a decrypted state (obviously). As soon as the drive is active and decrypted there is little protection and it is vulnerable.
      My Computer
    Quote Quote

 

  Related Discussions
I searched and found an article similar to this one on Microsoft's site: How to Fix Access Denied Folder/File Errors on Windows 10/8/7 And from my diagnosis I have trouble accessing EFS encrypted files and folders. ...
On my wife's PC with Windows 10 home most of the location of the user folders such as Documents, Downloads, etc. had to be moved to folders on another drive since the SSD C:\ drive filled up too much. I used the option available in Windows by...
I have the option "Show recently opened items in Jump Lists on Start or the taskbar" off. However since the last update whenever I either copy or move a file into any folder windows puts that folder under the Recent group in the taskbar. Is there...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 22:55.
Find Us




Windows 10 Forums