Migration strategy for ecryptfs

Specifies the action that should be taken when the user's home directory was created with ecryptfs encryption.

If you set this policy to 'DisallowArc', Android apps will be disabled for the user and no migration from ecryptfs to ext4 encryption will be performed. Android apps will not be prevented from running when the home directory is already ext4-encrypted.

If you set this policy to 'Migrate', ecryptfs-encrypted home directories will be automatically migrated to ext4 encryption on sign-in without asking for user consent.

If you set this policy to 'Wipe', ecryptfs-encrypted home directories will be deleted on sign-in and new ext4-encrypted home directories will be created instead. Warning: This removes the user's local data.

If you set this policy to 'MinimalMigrate', ecryptfs-encrypted home directories will be deleted on sign-in and new ext4-encrypted home directories will be created instead. However, an attempt will be made to preserve login tokens so that the user does not have to sign in again. Warning: This removes the user's local data.

If you set this policy to an option that is no longer supported ('AskUser' or 'AskForEcryptfsArcUsers'), it will be treated as if you had selected 'Migrate' instead.

This policy does not apply to kiosk users. If this policy is left unset, the device will behave as if 'DisallowArc' was chosen.

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

  1. Disallow data migration and ARC.
    Registry Hive: HKEY_CURRENT_USER
    Registry Path: Software\Policies\Google\ChromeOS
    Value Name: EcryptfsMigrationStrategy
    Value Type: REG_DWORD
    Value: 0
  2. Migrate automatically, don't ask for user consent.
    Registry Hive: HKEY_CURRENT_USER
    Registry Path: Software\Policies\Google\ChromeOS
    Value Name: EcryptfsMigrationStrategy
    Value Type: REG_DWORD
    Value: 1
  3. Wipe the user's ecryptfs home directory and start with a fresh ext4-encrypted home directory.
    Registry Hive: HKEY_CURRENT_USER
    Registry Path: Software\Policies\Google\ChromeOS
    Value Name: EcryptfsMigrationStrategy
    Value Type: REG_DWORD
    Value: 2
  4. Similar to Wipe (value 2), but tries to preserve login tokens so the user does not have to sign in again.
    Registry Hive: HKEY_CURRENT_USER
    Registry Path: Software\Policies\Google\ChromeOS
    Value Name: EcryptfsMigrationStrategy
    Value Type: REG_DWORD
    Value: 4


chromeos.admx
