Windows Recommendations and Considerations
File Handling
The CTE-LDT process is subjected to all of the File System policies and attributes set on the files. In some cases, this prevents CTE-LDT from encrypting a file. If users or applications are accessing files while CTE-LDT is in progress, CTE-LDT cannot change the attributes of the files and encrypt the file. It is critical that you understand how CTE-LDT handles various types of files:
-
NTFS Encryption and Compression
If NTFS encryption or compression is enabled on a file or folder, the CTE-LDT process cannot encrypt these files. To maintain the data coherency, CTE-LDT skips the encryption of the these files. These files display as “passthrough” files in the CTE-LDT statistics.
-
Read-Only Files
As the CTE-LDT process performs a read-encrypt-write operation on a file, it cannot encrypt read-only files. The CTE-LDT process skips these files and changes to the INCOMPLETE state.
-
Executable Files
If a executable is running or files are exclusively locked by the application, the CTE-LDT process cannot encrypt those files as it is unable to acquire the required locks on the files. CTE-LDT skips these files and changes to the INCOMPLETE state.
File Modification
The CTE-LDT process performs a read-encrypt-write operation on the files that need to be encrypted, (also known as rekeying). Previously, file modification and access dates were changed when CTE-LDT was processing. In order to maintain compatibility for applications, we addressed this issue by saving a copy of the original access and modification times, and restoring them after the encryption completed. Preserved timestamps are updated during the rekey process, if an application/user accesses the files during rekey.
Thales strongly recommends that you upgrade to the newly released v6.1.0 so that the access time and modification time is restored correctly.
Logical Sector Size
CTE-LDT Windows transformation is supported if the logical sector size is more than 512 Bytes. (A logical sector size of 4K is supported.) To find the logical sector size of the file system, type:
> fsutil fsinfo ntfsInfo <volume pathname>
For example:
> fsutil fsinfo ntfsInfo C:
NTFS Volume Serial Number : 0x5092568a92567506
NTFS Version : 3.1
LFS Version : 2.0
Number Sectors : 0x000000001c004eeb
Total Clusters : 0x00000000038009dd
Free Clusters : 0x00000000008bb274
Total Reserved : 0x0000000000001864
Bytes Per Sector : 512
.
.
.