Zonefrag fragments folders to ensure that each folder contains encryption information (is a 'zone head') or defragments folders to remove unnecessary information.

Each encrypted zone contains a hidden control file on its root, which describes zone characteristics (accesses, encryption parameters...). Subfolders of an encrypted zone don't contain this control file: information is inherited from the root, the 'zone head'. This is the reason why moving folders while ZoneCentral is deactivated may be dangerous: moving a subfolder of a zone into another zone may make the files unreadable, because the subfolder does not contain the hidden control file. Zonefrag tool can be used to fragment each encrypted zone: every subfolder becomes a zone head and so can be moved without any risk. By this way, folders copies and moves can be made while ZoneCentral is deactivated. The reverse operation (defragment) consists in analysing zones to remove unnecessary control files.

This tool cannot be run if the ZoneCentral File Filter is active: ZoneCentral must be uninstalled or deactivated.

Argument	Description
-fragment	Performs a fragment operation: each encrypted folder becomes a 'zone head'. By default, only encrypted folders are processed.
-defragment	Performs a defragment operation : each encrypted folder previously processed by the fragment operation is no more a zone head (except those whose encryption information is essential to read encrypted files).
-p <path>	Target path. Several paths can be specified.
-all	All local drives are processed.
-cze	'Explicit clear zones' are processed by the operation. An explicit clear zone is a clear folder inside an encrypted zone, or a folder that is marked to always remain clear.
-czi	'Implicit clear zones' are processed by the operation. An implicit clear zone is a clear folder that is not inside an encrypted zone, with no special information associated.
-ignoredenied	Operation is not stopped on a denied folder. By default, operation stopped immediately on a denied access. If this option is set and a denied access occurs during the operation, the return code will be 1 (partially done) instead of 0 (successful).
-diag	Operation is performed in a 'diagnosis' mode : no action or file operation is performed. This may be useful to test command before really executing it.
-verbose	Output is more verbose. Each file or folder operation done is shown on screen.
-log logdir	A detailed log file is written during operation. If a log location is already defined in policies, this option will be ignored.
-quiet	Runs in quiet mode (no questions).

Examples

1. Fragments all encrypted zones of a computer:

zonefrag -fragment -all

Reverts previous operation:

zonefrag -defragment -all

2. Fragments the user profile and a network folder, without performing any file operation, and writes detailed results in a log file :

zonefrag -fragment -p "c:\Document and settings\bob" -p \\server\share\bob -diag -log c:\logs

Copyright

[zonefrag] is a tool provided freely by Prim'X Technologies to help integration and deployment of Prim'X solutions.
[zonefrag] is delivered 'as is', without any warranty.
[zonefrag] is supported by Prim'X Technologies. You may issue support requests, bug reports, or feature requests.