Siv
asked on
Copying encrypted files to non encrypted location generates "The destination already contains a file named xxx" error.
Hi,
I have a client who's staff are fairly mobile and carry around client confidential data on their Windows 10 laptops. To protect that data they have encrypted the laptop's documents folder with NTFS Encryption so that if the laptop is lost or stolen the criminals cannot access the files without knowing the user's logon password.
The staff keep a common shared folder for their client data on an SBS 2008 box that is not encrypted as the server is in a secure location and not liable to be accessed.
When they return to the office, any files that have been amended or new ones created whilst out, are copied to the server. When the machines were first encrypted they were running Windows 7. Since the upgrade to Windows 10 they have noticed a couple of differences in the copying behaviour.
The first issue was when they copied the files onto the server they were finding that the copy process seemed to occur OK but when they came to try and open the files they were just zero byte files. I tracked this down to the computers needing their trusted status setting. This seems to have cured the issue with zero byte files, but they are also getting a warning message every time they copy files to the server saying that "The destination already contains a file named xxx" even when the file they are copying up is a new one that does not exist in the target server folder. Once they have OK'd that message they then get the usual message about agreeing that they are copying without encryption that I would expect.
Can anyone explain why they are getting the "The destination already contains a file named xxx" message and how to stop it coming up?
Siv
I have a client who's staff are fairly mobile and carry around client confidential data on their Windows 10 laptops. To protect that data they have encrypted the laptop's documents folder with NTFS Encryption so that if the laptop is lost or stolen the criminals cannot access the files without knowing the user's logon password.
The staff keep a common shared folder for their client data on an SBS 2008 box that is not encrypted as the server is in a secure location and not liable to be accessed.
When they return to the office, any files that have been amended or new ones created whilst out, are copied to the server. When the machines were first encrypted they were running Windows 7. Since the upgrade to Windows 10 they have noticed a couple of differences in the copying behaviour.
The first issue was when they copied the files onto the server they were finding that the copy process seemed to occur OK but when they came to try and open the files they were just zero byte files. I tracked this down to the computers needing their trusted status setting. This seems to have cured the issue with zero byte files, but they are also getting a warning message every time they copy files to the server saying that "The destination already contains a file named xxx" even when the file they are copying up is a new one that does not exist in the target server folder. Once they have OK'd that message they then get the usual message about agreeing that they are copying without encryption that I would expect.
Can anyone explain why they are getting the "The destination already contains a file named xxx" message and how to stop it coming up?
Siv
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Siv, you made me understand this was about data on the clients that you encrypted with EFS (built-in folder-/file encryption). Then you have a problem syncing those files to the server. if I get you right, you don't worry about the data safety on the server side, but only at the clients. So the server (which hopefully is physically secured) does not need to be bitlocked, just the client.
ASKER
McKnife,
They are not using any synch method other than a straight file copy when connected to the domain network. Ie not like synching to OneDrive or between your phone and and the Exchange Server.
Yes I am only interested in having encryption on the client side the server is secure location wise.
They are not using any synch method other than a straight file copy when connected to the domain network. Ie not like synching to OneDrive or between your phone and and the Exchange Server.
Yes I am only interested in having encryption on the client side the server is secure location wise.
Understood.
I definitely recommend bitlocker over EFS. EFS does not cover certain attack types that bitlocker does cover. It is also less hassle.
I definitely recommend bitlocker over EFS. EFS does not cover certain attack types that bitlocker does cover. It is also less hassle.
ASKER
Will that stop the issue when copying files to the server?
Like I said, it will.
ASKER
Do you know why the message about replacing an existing file is coming up when using EFS?
Do I need to remove the EFS encrypted folders before applying Bitlocker or will Bitlocker automatically do that?
Do I need to remove the EFS encrypted folders before applying Bitlocker or will Bitlocker automatically do that?
I don't know why this error happens, no.
EFS can be removed but does not have to be removed before using bitlocker. BL does not automatically remove EFS.
EFS can be removed but does not have to be removed before using bitlocker. BL does not automatically remove EFS.
ASKER
I think I will do a test on one machine and remove the EFS protected folders first and then apply bitlocker to the whole drive. I will then get the user to do the file copying and will report back on results. I am remote to the client who has the issue and will get back in a day or so.
Thanks for your help so far.
Thanks for your help so far.
Take a test machine. BL needs a little knowledge and a proven backup restore of data and backup of encryption keys concept.
ASKER
Can you post links that give an easy to follow step by step process?
No, I can't. For some, the process is just "rightclick c: and select 'turn on bitlocker'", for others, it is a manly project.
So my advice would be to go on like this:
1 see if the BL requirements are met (which are: windows 10 pro & a mainboard with TPM chip), if yes
2 inform yourself about bitlocker recovery backup - there is one GPO that needs to be set at least, to make sure the drives are NOT encrypted UNLESS the recovery key backup succeeds, it's this one: "Do not enable BitLocker until recovery information is stored in AD DS for operating system drives", documented here: https://technet.microsoft.com/en-us/library/jj679890(v=ws.11).aspx
3 activate bitlocker and do your tests.
So my advice would be to go on like this:
1 see if the BL requirements are met (which are: windows 10 pro & a mainboard with TPM chip), if yes
2 inform yourself about bitlocker recovery backup - there is one GPO that needs to be set at least, to make sure the drives are NOT encrypted UNLESS the recovery key backup succeeds, it's this one: "Do not enable BitLocker until recovery information is stored in AD DS for operating system drives", documented here: https://technet.microsoft.com/en-us/library/jj679890(v=ws.11).aspx
3 activate bitlocker and do your tests.
ASKER
Sorry for delay replying, have not been able to get hold of staff to update their laptops, however am on site with the client on Monday so will get it sorted then.
ASKER
McKnife,
I went down the Bitlocker route as you suggested and the clients are not having the file copying issue anymore.
Thanks for your help,
I went down the Bitlocker route as you suggested and the clients are not having the file copying issue anymore.
Thanks for your help,
Great, you're welcome.
ASKER
It depends, are you talking about using bitlocker on the whole drive of the laptops?
I don't want the server drives encrypting as that causes too much hassle.
Siv