Policy
Encrypt the Offline Files cache
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, Windows2000, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2003, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista, WindowsXP
This policy setting determines whether offline files are encrypted. Offline files are locally cached copies of files from a network share. Encrypting this cache reduces the likelihood that a user could access files from the Offline Files cache without proper permissions. If you enable this policy setting, all files in the Offline Files cache are encrypted. This includes existing files as well as files added later. The cached copy on the local computer is affected, but the associated network copy is not. The user cannot unencrypt Offline Files through the user interface. If you disable this policy setting, all files in the Offline Files cache are unencrypted. This includes existing files as well as files added later, even if the files were stored using NTFS encryption or BitLocker Drive Encryption while on the server. The cached copy on the local computer is affected, but the associated network copy is not. The user cannot encrypt Offline Files through the user interface. If you do not configure this policy setting, encryption of the Offline Files cache is controlled by the user through the user interface. The current cache state is retained, and if the cache is only partially encrypted, the operation completes so that it is fully encrypted. The cache does not return to the unencrypted state. The user must be an administrator on the local computer to encrypt or decrypt the Offline Files cache. Note: By default, this cache is protected on NTFS partitions by ACLs. This setting is applied at user logon. If this setting is changed after user logon then user logoff and logon is required for this setting to take effect.
Registry values
How enabled and disabled states update the registry.
| Registry location | Type | Enabled value | Disabled value |
|---|---|---|---|
| HKLM\Software\Policies\Microsoft\Windows\NetCache\EncryptCache | REG_DWORD | 1 | 0 |
Policy elements
Inputs and configuration options exposed by this policy.
This policy has no additional user input fields.
Other policies in this category
Explore related policies at the same level.
- UserAction on server disconnectWindows Server 2003, Windows XP, and Windows 2000 only
- ComputerAction on server disconnectWindows Server 2003, Windows XP, and Windows 2000 only
- ComputerAllow or Disallow use of the Offline Files featureAt least Windows 2000
- ComputerAt logoff, delete local copy of user’s offline filesWindows Server 2003, Windows XP, and Windows 2000 only
- ComputerConfigure Background SyncAt least Windows Server 2008 R2 or Windows 7
- ComputerConfigure Slow link speedWindows XP Professional only
- ComputerConfigure slow-link modeAt least Windows Vista
- ComputerDefault cache sizeWindows Server 2003, Windows XP, and Windows 2000 only
- ComputerEnable file screensAt least Windows Server 2008 R2 or Windows 7
- ComputerEnable file synchronization on costed networksAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerEnable Transparent CachingAt least Windows Server 2008 R2 or Windows 7
- ComputerEvent logging levelWindows Server 2003, Windows XP, and Windows 2000 only