This project has moved. For the latest updates, please go here.

Windows search on encrypted data

Topics: Users Discussion
Mar 25, 2016 at 9:43 PM
If you want to stick with windows search, I think something like this should work (but I have not tested it):
  1. change windows search to start manually and stop the service - from elevated command line type:
    sc config wsearch start= demand
    net stop wsearch
  2. move the windows.edb index file to the encrypted volume (location is in the registry key below)
  3. alter the location of windows.edb file in registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Databases\Windows\FileName to the new loacation
  4. start the indexing service AFTER you mont the volume, I'd recommend to create a shortcut to "net start wsearch" and run it as admin
Apr 1, 2016 at 9:39 PM
Edited Apr 1, 2016 at 9:49 PM
I prefer to have windows indexer disabled (because of the data leak you mentioned), the command is sc config wsearch start= disabled and I use agent ransack to search thru my files, but I search only plain text files like txt files, c sources, etc. It can look up binary files too, but you won't probably find what you are looking for in complex files like doc, xls, etc, because the texts in them are stored in unicode.

Disabled service cannot be started, so you'd need to run sc config wsearch start= demand prior net start wsearch. Having two windows.edb indexes (one encrypted and other unencrypted) does not sound that bad to me, swapping them could be matter of a few lines in a batch file and a few seconds of run ;)