Allowing access to copy an encrypted file

Hi all,

I have efs encryption enabled on my windows account. I would like to sync  copy of my data to Onedrive, but copy the files/drive in encrypted form, not decrypted form, so it's  never on Onedrive and never leaves the pc in decrypted form. The idea I have had is to install Goodsync synching software on another windows account on the same machine, and not install my efs certificate in that user account, so the software can only see an encrypted version of the files.

However, I notice when logging in to this second windows account myself and doing a little testing I can see the files but can't copy-paste any of them. When trying to copy one of them to, say the desktop, I get an error message saying I don't have permission to access the file.

How can I set up efs/file rights so that Goodsync has access to the files so it can sync them (perhaps running from a different account on the same machine as suggested), but not see them in decrypted form?

Edited by califauna, 24 January 2024 - 12:06 AM.

Windows 10 Pro.

I am an admin on my usual account. I can set up the the other account as admin or user.

Bump (unsolved).

I can't see why in theory this shouldn't be possible. There's nothing physically preventing software copying the encrypted contents of a section of a disk, and thus a file (even if the software sees the thing it is copying as gibberish), allowing that file to later be decrypted by software running in an account which does have the EFS key installed.

If this is not possible on Windows for some reason, can anyone offer an explanation (some kind of EFS policy? what this policy is, if it can be removed, why it can't be removed, etc)?

Edited by califauna, 08 March 2024 - 07:11 AM.

I always thought that some encryption programs, also blocked the copying of a file, as added security.

Edited by wee-eddie, 08 March 2024 - 04:24 AM.

Anyone able to answer this question?

There is some speculation above about encryption programs blocking copying of files. Windows EFS isn't exactly a 'program' as such though.

There's also a claim that I can't achieve copying an encrypted file from a different user account, but no explanation is given for why this should be the case. Also, in my experience copying encrypted files isn't usually blocked like this. Anyone able to confirm/correct this in such use cases, and maybe provide an explanation?