Assigning and Updating Policies
NOTE: You can only assign one type of policy to a user group or user. I.e. a user cannot have two different
Endpoint Encryption for Files and Folders policies applied.
Once the policy has been assigned to the user object, users may retrieve the policy.
When the Endpoint Encryption for Files and Folders client is installed, after the
mandatory reboot, the user logging on can be forced to authenticate to Endpoint
Encryption for Files and Folders in order to retrieve the correct encryption policy
assigned. This mandatory authentication is subject to a policy setting; see the General
section of this guide for details. If enforced, the authentication dialog cannot be
canceled; the only way to proceed is to enter correct Endpoint Encryption credentials.
If there is no connection to the Endpoint Encryption database hosting the policy, the
user will work with the default policy from which the install set was created (i.e. a
“blank” policy if not created from a dedicated policy).
Updating policies
The policy for a user is automatically updated whenever the user performs an Endpoint
Encryption for Files and Folders authentication. Provided there is a connection to the
Endpoint Encryption database holding the corresponding policy, any changes to the
user’s policy will immediately be applied. Likewise, any updates regarding encryption
keys will also take immediate effect after a successful Endpoint Encryption for Files
and Folders authentication.
If there is no connection to the Endpoint Encryption database, the policy will not be
updated, nor will the encryption keys.
The update is thus fully transparent and automated, provided there is a connection to
the correct Endpoint Encryption database. The user cannot avoid having updates
applied, nor can the updates be altered by the user.
Policy changes requiring reboot
Unlike Endpoint Encryption for Files and Folders versions 2.x, there is no need to
restart the client machine for any policy updates to take effect. All policy changes take
immediate effect once updated on the client.
However, some policy changes might require other events before they are enforced.
One example is the setting for Key Manager, Default Key Inactivity Timeout;
changes to this setting only take effect when keys are reloaded.