Unable to Encrypt Offline Files via GPO or registry & don't want to set manually

I'm trying to apply the setting "Encrypt Offline Files to secure data" to
computers in my domain. I first tried enabling the Computer Settings \
Administrative Templates \ Network \ Offline Files \ Encrypt the Offline
Files cache Group Policy. I even did this using a test GPO on a test OU
(containing only one PC) with no other settings configured. When I apply
this policy, the "Encrypt Offline Files to secure data" check box goes grey,
but retains whatever setting was configured before I applied the policy. So
if the box was unchecked before applying the policy, it remains unchecked
after the box greys out. When I applied this policy to my entire domain,
everyone's box greyed out, but not all boxes got a check mark. I've
confirmed that those who aren't showing encryption in the check box truly
don't have encryption working, as files within their systemroot\CSC folders
do not display in green within Windows Explorer.

Frustrated with the GPO, I tried manually entering encryption parameters
into their registries at HKLM \ Software \ Microsoft \ Windows \
CurrentVersion \ NetCache. I set values for DefCacheSize (544 in decimal),
Enabled (1), and EncryptCache (1). The test computer's registry retained
these settings, but the check box did not show that encryption was enabled
even after a reboot.

As I said, I'd like to avoid checking the box manually on every computer or
entrusting this procedure to our users. How can I push this setting to
ensure that everyone's offline files are encrypted?

I'm in a domain, so "Fast User Switching" is not enabled anywhere. Also, I
set my policy to "Enforce" so no settings on the local computer could
override them (although I haven't configured anything via gpedit on any
computers locally). Please help. Thanks.


.

Relevant Pages

  • RE: Offline files greyed out
    ... unfortunately I havent seen any settings ... I have the following GPOs ... Default Domain Controllers Policy ... use of Offline Files feature is set to Enabled which I assume is correct. ...
    (microsoft.public.windows.server.sbs)
  • Encryption through Group Policies
    ... There are alot of settings in the Security Settings portion of a Group ... Policy that relate to requireing Digital Signatures and using ... Encryption like SSL and TLS or 128 bit encryption. ...
    (microsoft.public.win2000.security)
  • Re: Unix Services / Default Permissions / WinXP_Pro
    ... File encryption can lead to a whole bunch of problems if not ... >> and configuration settings and completely reinstall the operating system ... >> Sitter, Net Nanny, or the Windows Shared Computer Toolkit to restrict the ...
    (microsoft.public.security)
  • Re: Disable Offline Files?
    ... >> Synchronize all offline files before logging off ... >> Prevent Use of Offline Files folder ... >> COMPUTER SETTINGS ... >> Applied Group Policy Objects ...
    (microsoft.public.windows.server.general)
  • Re: Disable Offline Files?
    ... >> Synchronize all offline files before logging off ... >> Prevent Use of Offline Files folder ... >> COMPUTER SETTINGS ... >> Applied Group Policy Objects ...
    (microsoft.public.windows.server.active_directory)