
Re: [Condor-users] Windows encrypt on disk for execute nodes of jobfiles




Hi,
Todd Tannenbaum's presentation on "what's new" at the Condor Week in April
stated that on-disk encryption was now available for Windows in version 6.6. I
have noted a thread on Windows EFS support. Is this what the presentation
reference was to?


I'm not Todd, but I'm pretty sure that he was referring to EFS support.

In either case how do you get it to work? I have added the encrypt execute
directory entry to the config file as suggested in the list thread but this
doesn't cause encryption on Windows 2000 where I am testing. The thread left the
discussion at that point. Is XP required?


No, Windows 2000 should work fine. Here's two things to check:

1. Verify that you've correctly spelled

ENCRYPT_EXECUTE_DIRECTORY = True

in your config file, and that this setting is reflected on your execute machines.

2. While a job is running, if you can get an administrator shell started, you should find a hidden Desktop.ini file in the execute directory (the dir_#### directory underneath EXECUTE). The file should contain two lines:

[Encryption]
Disable=0

If the file isn't there, or doesn't contain those two lines, check the starter log for error messages.

Assuming all goes well, you should be able to do a 'dir' on the execute directory, but attempting to read the contents of the files should fail with Access Denied. Only the person that created the execute directory (in this case, probably condor-reuse-vm1) should be able to successfully read any of the files.

Colin
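
The second check described in the reply above, written as a script; this is an added example, not part of the original message and not Condor's own code. It assumes Python is available on the execute node, that it is run from an administrator shell while a job is running, and that the value of EXECUTE is passed as the argument; the function names are hypothetical, and leaving Desktop.ini itself out of the EFS attribute check is an assumption.

```python
import configparser
import stat
import sys
from pathlib import Path


def desktop_ini_ok(ini_path):
    """True if Desktop.ini holds an [Encryption] section with Disable=0."""
    raw = Path(ini_path).read_bytes()
    # Windows tools may write the file as UTF-16 (with BOM) or as ANSI text.
    utf16 = raw[:2] in (b"\xff\xfe", b"\xfe\xff")
    text = raw.decode("utf-16" if utf16 else "latin-1")
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    try:
        parser.read_string(text)
    except configparser.Error:
        return False
    for section in parser.sections():
        if section.lower() == "encryption":
            return parser.get(section, "disable", fallback="").strip() == "0"
    return False


def unencrypted_files(job_dir):
    """Job files lacking the EFS attribute; None when not running on Windows."""
    if sys.platform != "win32":
        return None
    # Assumption: Desktop.ini itself is left out of the attribute check.
    return [p.name for p in Path(job_dir).iterdir()
            if p.is_file() and p.name.lower() != "desktop.ini"
            and not p.stat().st_file_attributes & stat.FILE_ATTRIBUTE_ENCRYPTED]


def check_execute_root(execute_root):
    """Map each dir_* job directory under EXECUTE to its check results."""
    report = {}
    job_dirs = (p for p in Path(execute_root).glob("dir_*") if p.is_dir())
    for job_dir in sorted(job_dirs):
        ini = job_dir / "Desktop.ini"
        report[job_dir.name] = {
            "desktop_ini_present": ini.is_file(),
            "encryption_enabled": ini.is_file() and desktop_ini_ok(ini),
            "unencrypted_files": unencrypted_files(job_dir),
        }
    return report


if __name__ == "__main__":
    for name, result in check_execute_root(sys.argv[1]).items():
        print(name, result)
```

A job directory that reports desktop_ini_present or encryption_enabled as False is the case where the reply says to check the starter log.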