Making OneNote work with Cryptomator

I’ve been wanting to use OneNote with an encrypted file system backed up to a cloud, but have had problems with many existing solutions (including Cryptomator/OneDrive). Basically, modifying notebooks can lead to OneNote crashing, including data loss.

I created a solution that fixes this problem - it basically “checks out” OneNote files when running OneNote, and “checks in” OneNote files as soon as OneNote closes.

The solution is a batch file, so if others have interest, I will post the details here. Let me know!

1 Like

Interested. Can you post it?

rem Check Out OneNote data files

rem Variables
set _7ZipExecutable="%ProgramFiles%\7-Zip\7z.exe"
rem S:\ is an encrypted drive
set CheckedInPath=S:\OneNoteCheckedIn
set CheckedInFilename=%CheckedInPath%\OneNoteCheckedIn.7z
set CheckedInBackupBaseName=OneNoteCheckedIn.backup
set CheckedInBackupFilename1=%CheckedInPath%\%CheckedInBackupBaseName%1
set CheckedInBackupFilename2=%CheckedInPath%\%CheckedInBackupBaseName%2
rem CheckedOutPath is where the OneNote files are placed (preferably on an unencrypted drive not monitoried by cloud backup services)
set CheckedOutPath=%AppData%\OneNoteCheckedOut
set OneNoteExe="%ProgramFiles%\Microsoft Office\root\Office16\ONENOTE.EXE"

rem Check if the checked in file exists - if not, it is checked out on another box
if not exist %CheckedInFilename% (
	echo a
	echo Checked in file doesn't exist. Was it checked out on another box?
	exit /b

rem Extract checked-in file onto the unencrypted disk
%_7ZipExecutable% x -y %CheckedInFilename% -o%CheckedOutPath%

rem Delete the oldest backup 7z file
del %CheckedInBackupFilename2%

rem Make the middle backup 7z file the oldest
ren %CheckedInBackupFilename1% %CheckedInBackupBaseName%2

rem Backup the current 7z file to the middle backup
ren %CheckedInFilename% %CheckedInBackupBaseName%1

rem Run OneNote

rem Batch file waits until OneNote exits

rem Check In OneNote data files

rem 7z up the checked out OneNote files
%_7ZipExecutable% a %CheckedInFilename% %CheckedOutPath%\*

rem If the 7z is successful, delete the local OneNoteCheckedOut files
if exist %CheckedInFilename% (
	rmdir /s /q %CheckedOutPath%
) else (
	echo a
	echo There was an error!

Above is the actual script. Soon I’ll reply with details about the thought process behind the script.

Here’s some of my thoughts behind the script.

I believe the problem is with the interaction between the cloud service attempting to sync everything new it sees, and OneNote hitting the disk frequently and failing to acquire a lock on a file that it just wrote to. I’ve seen this problem in products other than Cryptomator.

My solution is to copy the OneNote files to a local disk folder that is not cloud synced, so during the use of OneNote, there is no file contention. I consider this the ‘check out’ part of the script.

Then, when OneNote is done, it’s safe to copy the OneNote files back to the encrypted cloud synced folder. This is the ‘check in’ part of the script.

I use 7z to compress the files in the ‘checked in’ state. This has two advantages. One, it makes the cloud synced aspect of this process atomic. Either the file is there or not. And, that leads to advantage two: If the file is not there, then a second machine can’t check out the file and cause sync issues while the first machine has the ‘lock’. Some of this script code checks for the locked state.

I create 2 backups rather than one. This way, if something fails, the 2nd (oldest) backup will likely have a good (albeit outdated) copy.

Running OneNote blocks the script, which is convenient. This way you never need to manually remember to check in. However, OneNote can still crash, which will trigger the check-in.

Final thoughts: The above script is a cmd file. It’s possible to create an icon on the taskbar that runs the script - to do this, you’ll need a copy of the Command shortcut, and change the target to:

%windir%\system32\cmd.exe /c "C:\Program Files\CheckOutOneNote\CheckOutOneNote.cmd"

I noticed when I pasted the script, it changed the "echo " (control-g) to “echo a”.