File Handling (Windows Only)
It is critical that you understand how the CTE-LDT process handles read-only, binary (executable), NTFS encrypted and NTFS compressed files.
The CTE-LDT process is subject to all of the file system policies and attributes set on the files. In some cases, this prevents CTE-LDT from encrypting a file. If users or applications are accessing files while CTE-LDT is in progress, CTE-LDT cannot change the attributes of those files and encrypt them. CTE-LDT handles each type of file as follows:
- NTFS Encryption and Compression
  If NTFS encryption or compression is enabled on a file or folder, the CTE-LDT process cannot encrypt these files. To maintain data coherency, CTE-LDT skips the encryption of these files. These files display as “passthrough” files in the CTE-LDT statistics.
- Read-Only Files
  When CTE-LDT encounters a read-only file, it rekeys the file by clearing the read-only attribute and then restoring the attributes when the rekey completes. If a file is open, CTE-LDT skips this file.
  - If the file is not open, CTE-LDT changes the attributes of the file and stores the original attributes in the file metadata.
  - CTE-LDT starts the rekey on this file.
  - If a user requests to open the file for writing while the rekey is in progress, access is denied. Users can open the file only for reading.
  - CTE-LDT restores the attributes once the rekey is done.
- Executable Files
  If an executable is running, or files are exclusively locked by the application, the CTE-LDT process cannot encrypt those files because it is unable to acquire the required locks on them. CTE-LDT skips these files and changes to the INCOMPLETE state.
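As an added example (not Thales code), the following PowerShell function previews how the handling rules above would apply to the files in a directory before a rekey is started. The function name, the `D:\GuardPoint` path and the share-nothing open used to approximate "file is open or locked" are assumptions of this example.

```powershell
# Added example: predict per-file handling from the rules described above.
# Get-LdtFileHandlingPreview is a hypothetical name, not a CTE command.
function Get-LdtFileHandlingPreview {
    param(
        [Parameter(Mandatory)]
        [string]$Path   # directory to audit (assumed to be a GuardPoint)
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file       = $_    # keep a reference; $_ is the error record inside catch
            $attrs      = $file.Attributes
            $efs        = [bool]($attrs -band [IO.FileAttributes]::Encrypted)
            $compressed = [bool]($attrs -band [IO.FileAttributes]::Compressed)
            $readOnly   = [bool]($attrs -band [IO.FileAttributes]::ReadOnly)

            # Probe for other handles: a read-only open that shares nothing fails
            # with IOException when another process already has the file open.
            $inUse = $false
            if (-not $efs) {
                try {
                    $fs = [IO.File]::Open($file.FullName, [IO.FileMode]::Open,
                                          [IO.FileAccess]::Read, [IO.FileShare]::None)
                    $fs.Dispose()
                } catch [IO.IOException] {
                    $inUse = $true
                } catch {
                    $inUse = $null   # access denied or similar: state unknown
                }
            }

            # Map the observations onto the outcomes the text above describes.
            $expected = if ($efs -or $compressed) { 'Passthrough (left unencrypted)' }
                elseif ($null -eq $inUse) { 'Unknown (could not probe)' }
                elseif ($inUse)           { 'Skipped (open or locked)' }
                elseif ($readOnly)        { 'Rekeyed (read-only cleared, then restored)' }
                else                      { 'Rekeyed' }

            [pscustomobject]@{
                File     = $file.FullName
                NtfsEfs  = $efs;  Compressed = $compressed
                ReadOnly = $readOnly;  InUse = $inUse
                Expected = $expected
            }
        }
}

# Constructed path; summarise the predicted outcomes for the whole tree.
Get-LdtFileHandlingPreview -Path 'D:\GuardPoint' |
    Group-Object Expected | Select-Object Count, Name
```

The result is a point-in-time view: a file that is opened or locked after the scan can still be skipped during the rekey.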