Error processing windows encrypted file

Califauna · November 28, 2023, 11:56pm

Hi,

I’m getting the following errors when duplicati tries to process any file on my hard drive which has windows encryption:

2023-11-28 23:10:07 +01 - [Warning-Duplicati.Library.Main.Operation.Backup.FileBlockProcessor.FileEntry-PathProcessingFailed]: Failed to process path: F:\B\TRANSFER TO PC\To do .txt

I’m referring there to the type of windows encryption that you enable using right click n the file > Properties > Advanced > ‘Encrypt contents to secure data’.

When this encryption is not enabled, the files are processed. When they are encrypted using this method, I get the error.

I am using Duplicati with the windows service running. I dont launch the app/ tray icon.

Looking at the encryption properties after that right click it says that my user name has access. HOwever it does not mention the windows SYSTEM account in there anywhere, and I understand that this is the account that Duplicati’s windows service uses. Also, if you want to add 'access’to another user this way, it says you need to choose their ‘certificate’ and no system or other certificate appears there, only that of my user name.

ts678 · November 29, 2023, 1:34pm

Welcome to the forum @Califauna

Thank you for the exact message. As this is not a Windows forum, it helps people research the issue.

You are probably using Encrypting File System (EFS) (Wikipedia) where access is easy for your user, however blocked for others including the powerful LocalSystem user. Presumably this is as intended.

Multiple-user (shared) access to encrypted files (on a file-by-file basis) and revocation checking on certificates used when sharing encrypted files

is said to be available since Windows XP, so perhaps that’s what you tried, but didn’t quote the dialog. Possibly you can research that yourself using a web search if you really want access for another user.

The default user would be SYSTEM, however you can probably change it to you, if its suits you needs.

Duplicati.WindowsService.exe also offers

Supported options for the install command:

/localuser
Installs the service as a local user.

although I’m not sure how well that handles the password, if Windows user is password-protected.

As Duplicati databases are by default in %LOCALAPPDATA%\Duplicati (including for SYSTEM, so C:\Windows\System32\config\systemprofile\AppData\Local\Duplicati), changing user is somewhat awkward, as files need to be moved or adjusted, unless you just want to start over new.

Migrating from User to Service install on Windows gives a procedure that you could use in reverse.

Before going too far, you should look at About → System info → UserName to confirm current user.

How do I let the SYSTEM account use EFS encryption? is a page I found if you prefer that method.

A question in all cases is what will happen during Duplicati restore. Even if access can be acquired, there’s no EFS-specific information in the backup that Duplicati can use to add encryption as-it-was.