deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

added row for Windir

Browse Source
This commit is contained in:
Justin Hall 2019-04-05 10:42:01 -07:00
parent a44a104f17
commit 8e751df01a
1 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
windows/security/information-protection/windows-information-protection/limitations-with-wip.md
View File

@ -12,7 +12,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 03/06/2019
ms.date: 04/05/2019
ms.localizationpriority: medium
---
@ -124,7 +124,24 @@ This table provides info about the most common problems you might encounter whil
<td>If all apps need to be managed, enroll the device for MDM.
</td>
</tr>
<tr>
<td>By design, files in the Windows directory (%windir% or C:/Windows) cannot be encrypted because they need to be accessed by any user. If a file in the Windows directory gets encypted by one user, other users can't access it.
</td>
<td>Any attempt to encrypt a file in the Windows directory will return a file access denied error. But if you copy or drag and drop an encrypted file to the Windows directory, it will retain encryption to honor the intent of the owner.
</td>
<td>If you need to save an encrypted file in the Windows directory, create and encrypt the file in a different directory and copy it.
</td>
</tr>
</table>
>[!NOTE]
>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to our content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
Anywhere under c:windows\* is a design. We dont want you to shoot yourself in the foot. We dont want that encrypted to a specific user because its used y all windows users. If you are logged in as one admin user and another user signs in as a diff admin user, they have no way to elevate to get the encrypted data.
If its in windir, they will not encrypt if it was already there. If there is a file in the dir and you try to encrypt it, it will fail. But if you drag and drop to there, it will retain encryption. That honors the intent of the owner. So if you redirect OneDrive to C:windows\temp, the files will not get encrypted. They wont change it.
Put in the limitations section, add a section that says this is by design
Workaround,