Dell Data Protection
Administrator Guide 17
Removable Storage
EMS Encrypt External Media
True or Fa ls
e
This is the “master policy” for all other Removable Storage policies. This policy must be set to
True
for any other Removable Storage policies to be applied.
True
means that all Removable Storage encryption policies are enabled.
False
means that no encryption of removable storage takes place, regardless of other policy
values.
EMS Access to unShielded Media
Block, Read Only, or Full Access
When this policy is set to
Block Access
, you have no access to removable storage unless it is
encrypted.
Choosing either
Read-Only
or
Full Access
allows you to decide what removable storage to
encrypt.
If you choose not to encrypt removable storage and this policy is set to
Full Access
, you have
full read/write access to removable storage.
If you choose not to encrypt removable storage and this policy is set to
Read-Only
, you can read
or delete existing files on the unencrypted removable storage, but the client software will not
allow any files to be edited on or added to the removable storage unless it is encrypted.
EMS Encryption Algorithm
AES 256, Rijndael 256, AES 128, Rijndael 128, or 3DES
Encryption algorithm used to encrypt removable storage.
EMS Data Encryption Key
Common, User, User Roaming
Although
Common
is available, it is not implemented in this release.
Key that is used by the client software to encrypt all data encrypted by EMS.
EMS Automatic Authentication
Disabled, Local, or Roaming
Local
automatic authentication allows the encrypted removable storage to be automatically
authenticated when inserted in the originally encrypting computer when the owner of that
media is logged in.
When the
Roaming
key is applied to EMS, Roaming automatic authentication is available
when the domain account the user activated with on the Mac computer is the same as the
domain account used to provision the removable storage. When automatic authentication is
Disabled, users must always manually authenticate to access encrypted media.
EMS Scan External Media This policy is not yet implemented. Removable storage must be taken to a Windows computer
to be scanned.
EMS Access Encrypted Data on
unShielded Device
True or Fa lse
True
allows the user to access encrypted data on removable storage whether the endpoint is
encrypted or not.
When this policy is
False
, the user will be able to work with encrypted data when logged on to
any encrypted endpoint. The user will not be able to work with encrypted data using any
unencrypted endpoint.