Policy

Encrypt the Offline Files cache

Microsoft Windows

Back to Offline FilesBack to main
Encrypt the Offline Files cache
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
Network > Offline Files
Supported on
At least Windows Server 2003 operating systems Service Pack 1, Windows XP Professional Service Pack 2, or Windows 2000 Service Pack 5

Supported OS tags: Windows10, Windows10RT, Windows11, Windows2000, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2003, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista, WindowsXP

This policy setting determines whether offline files are encrypted. Offline files are locally cached copies of files from a network share. Encrypting this cache reduces the likelihood that a user could access files from the Offline Files cache without proper permissions. If you enable this policy setting, all files in the Offline Files cache are encrypted. This includes existing files as well as files added later. The cached copy on the local computer is affected, but the associated network copy is not. The user cannot unencrypt Offline Files through the user interface. If you disable this policy setting, all files in the Offline Files cache are unencrypted. This includes existing files as well as files added later, even if the files were stored using NTFS encryption or BitLocker Drive Encryption while on the server. The cached copy on the local computer is affected, but the associated network copy is not. The user cannot encrypt Offline Files through the user interface. If you do not configure this policy setting, encryption of the Offline Files cache is controlled by the user through the user interface. The current cache state is retained, and if the cache is only partially encrypted, the operation completes so that it is fully encrypted. The cache does not return to the unencrypted state. The user must be an administrator on the local computer to encrypt or decrypt the Offline Files cache. Note: By default, this cache is protected on NTFS partitions by ACLs. This setting is applied at user logon. If this setting is changed after user logon then user logoff and logon is required for this setting to take effect.

Internal name
Pol_EncryptOfflineFiles
Policy ID
b7dcb57dfe43
Elements
0

Registry values

How enabled and disabled states update the registry.

ScopeRegistry locationTypeEnabled valueDisabled valueCopy
Computer
Path
Software\Policies\Microsoft\Windows\NetCache
Value name
EncryptCache
REG_DWORD
HKLM
1
HKLM
0
Registry location
Type REG_DWORD · Computer
Path
Software\Policies\Microsoft\Windows\NetCache
Value name
EncryptCache
Hive
HKLM
Enabled value
1
Disabled value
0

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.