Specifications

Endpoint Encryption for Files and Folders Policy Settings

36 |

If the Make all removable media plaintext (see below) option is enabled, then any

existing encrypted file on inserted removable media will be decrypted, provided the

user has access to the proper encryption key.

Ignore existing content on media

This option is disabled by default and dictates that all existing files on attached

removable media will be encrypted also. When this setting is enabled, only new files

will be encrypted when placed on removable media attached to a system that has this

policy applied.

NOTE:Whenthisoptionisdisabled,allexistingfiles become encrypted.Therefore,theycannolongerbe

readfromsystemswithoutEndpointEncryptionforFilesandFolders.Bemindfulwhenusingthisoption.

Make all removable media plaintext

This option disables the persistent encryption for removable media, i.e. encrypted files

that are transferred to the removable media will end up there in plaintext.

Make all removable media read-only

This option is mutually exclusive to the previous one. Instead of encrypting files

written to removable media, you may prevent files from being written at all, i.e. make

the removable media attached, read-only. Users may read files from the media, but

any writing to the media is blocked.

Note that the previous option is disabled when you select the Read-only option for

removable media.

Changing this parameter requires the client machines to be restarted (after having

received the policy change) before it takes effect.

CAUTION:DisablingtheAutomaticallyencryptallremovablemediaoptiondoesnotmeanthatnewfiles

createdonaremovablemediathathavebeensubjecttotheremovablemediaencryptionpolicywillbein

plaintext–newfileswillstillbeencryptedwhenwrittentothemedia(theencryptionpolicyisstillapplied

totheremovablemediaitself).Inordertoremoveanapplie

dencryptionpolicyonremovablemedia,the

optionMakeallremovablemediaplaintextmustbeenabled.

Auto-create Self-Extractors of files put on media through the (Windows)

Explorer

This option renders all files put on removable media to be converted to password

encrypted Self-Extractors when they are placed on the removable media using the

Windows Explorer file management operations. These operations are the following:

• Drag-and-drop

• Copy-Paste (incl. keyboard shortcuts)

• Cut-Paste (incl. keyboard shortcuts)

NOTE:thefollowingfilemanagementoperationsarenotcoveredbythispolicy: