Reference Guide
Manage Policies
Policy Default Setting Description
Policy-Based Encryption
This technology uses Dell's proprietary data-centric encryption to allow both user data encryption and
computer encryption. It gives greater protection over individual data than traditional full disk
encryption by limiting access on a computer to only what a user is authorized to view.
Policy: Encrypt with SDE when SED is detected
Default Setting: Not Selected
Description: When Selected, this policy applies SDE encryption to self-encrypting drives.
Use this policy when SDE encryption is preferred instead of native SED encryption.
Policy: User Encrypted Folders
Default Setting: String
Description: String - maximum of 100 entries of 500 characters each (up to a maximum
of 2048 characters)
A list of folders on the computer hard drive to be encrypted with the user
data encryption key or excluded from encryption.
If the same folder is specified in this policy for multiple users of the same
Windows computer, each file in that folder is encrypted for the first owner
of the file after the policy takes effect, and can be decrypted only by that
owner.
The text in this policy is translatable.
Specify as for Common Encrypted Folders.
This policy applies to all drives classified by Windows as Hard Disk Drives
(see My Computer). You cannot use this policy to encrypt drives or
external media whose type displays as Removable Disk; use EMS Encrypt
External Media instead.
Policy: Application Data Encryption List
Default Setting: Exe List
winword.exe
excel.exe
powerpnt.exe
msaccess.exe
winproj.exe
outlook.exe
acrobat.exe
visio.exe
mspub.exe
winzip.exe
winrar.exe
onenote.exe
onenotem.exe
Description: String - maximum of 100 entries of 500 characters each
Do not add explorer.exe or iexplorer.exe to the ADE list, as unexpected or
unintended results may occur.
Explorer.exe is the process used to create a new notepad file on the
desktop using the right-click menu.
Setting encryption by file extension, instead of the ADE list, provides more
comprehensive coverage.
Changes to this policy do not affect files already encrypted because of this
policy.
List process names of applications (without paths) whose new files you
want encrypted, separated by carriage returns. Do not use wildcards.
The text in this policy is translatable.
You can also specify these process names (separated by commas) via the
registry value
HKLM\Software\Dell\CMGShield\ApplicationDataEncryptionList.
The Encryption client encrypts all new files (not already being encrypted by
Common Encrypted Folders and User Encrypted Folders) on the current
computer hard drives created by these application processes whenever
they are owned by a currently-logged-on managed user. This may include
files excluded from encryption by Common Encrypted Folders and/or User
Encrypted Folders.
The following folders and their subfolders are always excluded from
encryption by this policy:
C:\Windows\system32
C:\Windows\Software Distribution
C:\Windows\Security
C:\System Volume Information\Program Files\Dell\(.dll.exe.sys.mac.ddp.wip.rty.nmd.inv)
Dell strongly recommends not listing applications or installers that write
system-critical files. Doing so could result in encryption of important
system files, which could make a Windows computer unbootable.
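An added example (not from Dell's guide or product): a Python check that audits a proposed
Application Data Encryption List against the rules stated above before it is deployed. The
function names and sample lists are constructed for illustration; it accepts both the
carriage-return form used in the policy and the comma form used in the registry value.

```python
import ntpath
import re

MAX_ENTRIES = 100     # page: "maximum of 100 entries"
MAX_ENTRY_LEN = 500   # page: "500 characters each"
# Processes the page says must not be added to the ADE list.
FORBIDDEN = {"explorer.exe", "iexplorer.exe"}


def split_ade_list(raw):
    """Split policy text (one name per line) or the registry form (commas)."""
    return [part.strip() for part in re.split(r"[\r\n,]+", raw) if part.strip()]


def audit_ade_list(raw):
    """Return (entry, problem) pairs for entries that break the page's rules."""
    entries = split_ade_list(raw)
    findings = []
    if len(entries) > MAX_ENTRIES:
        findings.append(("<list>", f"{len(entries)} entries, maximum is {MAX_ENTRIES}"))
    for entry in entries:
        if len(entry) > MAX_ENTRY_LEN:
            findings.append((entry[:40], "longer than 500 characters"))
        if "\\" in entry or "/" in entry or ":" in entry:
            findings.append((entry, "contains a path; list process names only"))
        if "*" in entry or "?" in entry:
            findings.append((entry, "contains a wildcard"))
        # Compare the bare file name so a forbidden process hidden behind a
        # path is still reported; Windows process names are case-insensitive.
        if ntpath.basename(entry).lower() in FORBIDDEN:
            findings.append((entry, "must not be on the ADE list"))
    return findings


# Constructed sample inputs, not taken from a real deployment.
POLICY_TEXT = "winword.exe\r\nexcel.exe\r\nExplorer.exe\r\nC:\\Tools\\backup.exe\r\nsetup*.exe"
REGISTRY_TEXT = "winword.exe, excel.exe,outlook.exe"

if __name__ == "__main__":
    for entry, problem in audit_ade_list(POLICY_TEXT):
        print(f"{entry}: {problem}")
```

The audit covers only the format rules and the two named processes; whether an application writes system-critical files still has to be judged per application.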
Common process names:
outlook.exe