does ATI preserve NTFS encryption?

Hi, I did a couple of searches including the terms "ntfs", "encryption", etc. and could not find an exact answer to this question:

Under XP SP2 I encrypt certain subdirectories on my NTFS C: partition using XP's built-in NTFS encryption. Those subdirectories and the files within them show as green in Explorer.

I backup this entire partition using ATI 10 b4871 regularly to a set of .tib files on external storage. From the same system I can mount the .tib files using ATI and view the structure of my C: drive and see the green encrypted folders and files. I can call up the encrypted files and view the contents.

My question is: *** is NTFS encryption preserved within the .tib files? *** In other words, if an Evil Person was to get hold of my .tib files (and let's say also the password I provided to ATI at backup time), and bring them up in their own copy of ATI on a separate XP system, would they be able to view the encrypted content?

My assumption is "no" since the decryption is done using a key based on my XP login and password and is done in a manner transparent to applications, and my XP login and password would not be present on the Evil Person's system. As a test I mounted the .tib files as a drive letter from another system and I was unable to open or read the encrypted content (XP gave me "file not found" or "unable to read file" or similar), which is what I would have expected. However I am interested in hearing confirmation of this from Acronis or the product gurus on this site.

Thanks,
Bob

 

Hello bobk,

Thank you for choosing Acronis Disk Backup Software.

We are sorry for the delayed response.

You are correct, files encoded with Windows built-in encryption tool will stay encoded in the archive and after restoring it as well.

Thank you.
--
Marat Setdikov

 

Thank you very much for your reply.

 

Hi Marat,

(I'm unfamiliar with how, exactly, TI does its job, so please forgive my ignorance.) I infer from your answer that TI doesn't do file reads when it backs up (otherwise Windows EFS would 'automatically' decrypt before delivering the data to the reader). It must be doing raw block reads, or something that avoids the decryption. Is that correct?

Thanks.

 

When TI does an image backup it ignores most of the file system and looks at a map of the in-use sectors. It uses this map to create an image archive of the in-use sectors and does not have to open or read the files since it just copies sector content. It doesn't have to know anything about the data in the sector.

I don't know if the above is applicable for a Files and Folders backup instead of an image since it makes more use of the file system.

 

Thanks for the input. So, am I correct in assuming that if I backup 'My Computer' (as opposed to 'My Data', etc.) I get an image-type backup (as you describe above), but any of the others will (probably) read data through the file system? Furthermore, as you suggest, it's unclear whether such a file-based backup will be saved encrypted (that is, MS EFS-type encryption) or not, yes?

Thanks again.

 

Yes, in TI10 "My Computer" results in images rather than what is called a Files and Folders backup which is selected by "My Data".

I just don't know what happens to the MS EFS encryption. The best thing for you to do is run a test.