The following table explains the policies governing how encryption is handled on File Encryption devices.
|
Policy Name |
Description |
Value Range and Default |
|---|---|---|
|
Allow Secure Delete |
Specify whether to allow the user to delete files. |
Yes, No Default: Yes |
|
Disable Optical Drive |
Disable access to CD or DVD drives. |
Yes, No Default: No |
|
Encryption Key Used |
|
User Key, Group Key, Enterprise Key Default: Group Key |
|
Encryption Method Allowed |
Choose which allowable ways to encrypt files are allowed:
|
User’s Unique Key, Group Unique Key, Encrypt With Static Password, Encrypt With Certificate Default: All |
|
Removable Media |
Specify settings for USB devices. |
Enable, Disable Default: Disable |
|
Allowed USB Devices |
Specify permitted USB devices. |
Any, KeyArmor Default: Any |
|
Disable USB Drive |
Disable the USB drive when not logged in, always disable, and never disable drive. |
Always, Logged Out, Never Default: Logged Out |
|
Folders to Encrypt on Removable Media |
The drive letter is given and the policy value corresponds to a valid removable media device. Non-existent folders are created. If no drive letter is given then all removable media devices attached to the device at login will use the policy values. |
1-255 characters Default: N/A |
|
Fully Encrypt Device |
Specify whether all files/folders on removable media are encrypted. |
Yes, No Default: No |
|
Specify Folders to Encrypt |
List the folders that will be encrypted on the hard drive. Non-existent folders are created. A valid drive letter to the hard drive must also be supplied. A valid policy value is: C:\EncryptedFolder. |
1-255 characters Default: %DESKTOP%\Encrypted Files |