Windows EFS encryption

Hi,

Dows duplicati support Windows EFS encryption ?

Thanks and Regards
Sean

Hi @sean, welcome to the forum!

Duplicati backs up at the file level, not the filesystem level (where I believe Windows WFS resides) so I suspect it will work just fine, though I think it will be backing up the un-encrypted versions of the files (assuming the correct user account is used).

Hi,
This is a problem…
I am evaluating Duplicati as an replacement for the old “Microsoft Backup and Restore (Windows7)” in Windows 10 and configured Duplicati as Windows service. Everything works great - including VSS backups of SQL-Server databases!
Except EFS encrypted files… EFS encrypted files are not backed up.
Did anyone take a look at the EFS API on how to backup and restore EFS encrypted files?
https://docs.microsoft.com/en-us/windows/desktop/fileio/backup-and-restore-of-encrypted-files
Is it possible, that Duplicati will support this feature in the future?
thx, cu

I encrypt some files on my laptop. Duplicati has no issue with backing up these files but I run Duplicati under my normal user context. I suspect it won’t be able to back up files if running under a different user context, unless that user has the ability to decrypt the files.

To get an unencrypted file copy that Duplicati then encrypts, I guess you could change the service to the user that made the EFS files (which possibly adds password change pains) or have them grant access.

To backup an encrypted (raw) file copy probably ends at the functions you mentioned, however Duplicati has recently changed (I think) to run source file I/O through AlphaFS, which presents EFS in a nicer way.

Issue 3311 PathTooLongException when using USNJournal #3456

Directory Methods
File Methods

There would presumably be some database schema and code changes to track things, and web UI work. Technically this should probably be a feature request or enhancement issue to at least be on the wish-list.

If you run Duplicati in the user context who created the EFS files, than Duplicati would of course decrypt and backup those files. But that is not possible if you want to do system wide backups on multi user machines.
And EFS is not the only NTFS specialty. There are new NTFS P, U and R file attributes for the OneDrive “file on demand” feature.
https://searchenterprisedesktop.techtarget.com/blog/Windows-Enterprise-Desktop/OneDrive-File-Attributes-Uncovered
This attributes cause Microsofts own “Microsoft Backup and Restore (Windows7)” to fail! I did not have time to evaluate this for Duplicati yet…
And what’s about NTFS sparse files, alternative data streams (ADS), ReFS, …?

AlphaFS looks very promising!
But why doesn’t Microsoft provide a simple system wide backup API that deals with all those special cases…