|Platform: win2016||Date: (C)2017-08-03 (M)2019-05-13|
"Allow indexing of encrypted files"
This policy setting allows encrypted items to be indexed. If you enable this policy setting, indexing will attempt to decrypt and index the content (access restrictions will still apply). If you disable this policy setting, the search service components (including non-Microsoft components) are expected not to index encrypted items or encrypted stores. This policy setting is not configured by default. If you do not configure this policy setting, the local setting, configured through Control Panel, will be used. By default, the Control Panel setting is set to not index encrypted content.
When this setting is enabled or disabled, the index is rebuilt completely.
Full volume encryption (such as BitLocker Drive Encryption or a non-Microsoft solution) must be used for the location of the index to maintain security for encrypted files.
Enabling or not configuring this setting can compromise security as it allows indexing to attempt to decrypt and index a device's content which may expose confidential and secure data.
Disable this setting.
The search service components will not index encrypted items or encrypted stores.
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Search
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AllowIndexingEncryptedStoresOrItems
|SCAP Repo OVAL Definition||oval:org.secpod.oval:def:40333|