Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureData Guardian

171

172

173

174

175

176

177

178

179

180

Security Management Server v10.2.7 AdminHelp

155

winword.exe

powerpnt.exe

msaccess.exe

wordpad.exe

mspaint.exe

excel.exe

The following hard-coded system and installer process names are ignored

if specified in this policy (you can also add to this list via the registry value

HKLM\Software\Dell\CMGShield\EUWPrivilegedList):

hotfix.exe, a Windows update process

update.exe, a Windows update process

setup.exe, a third-party installer process

msiexec.exe, a third-party installer process

wuauclt.exe, a Windows update process

wmiprvse.exe, a Windows system process

migrate.exe, a Windows update process

unregmp2.exe, a Windows update process

ikernel.exe, a third-party installer process

wssetup.exe, the Windows Encryption client installer

svchost.exe, a Windows system process

User Encryption

Algorithm

AES256

AES256, Rijndael 256, AES128, Rijndael 128, 3DES

Encryption algorithm used to encrypt data at the individual user level. You

can specify different values for different users of the same computer.

Encryption algorithms in order of speed, fastest first, are Rijndael 128, AES

128, Rijndael 256, AES 256, 3DES.

SDE Encryption

Algorithm

AES256

AES 256, AES 128, 3DES

Encryption algorithm used to for System Data Encryption.

Encryption algorithms in order of speed, fastest first, are AES 128, AES 256,

3DES.

Common

Encryption

Algorithm

AES256

AES256, Rijndael 256, AES128, Rijndael 128, 3DES

Encryption algorithm used to encrypt data at the endpoint (all users) level.

System paging files are encrypted using AES 128.

Encryption algorithms in order of speed, fastest first, are Rijndael 128, AES

128, Rijndael 256, AES 256, 3DES.

Encrypt Outlook

Personal Folders

Not Selected

Encrypts Outlook Personal Folders (%csidl:local_appdata

%\Microsoft\Outlook) with the User data encryption key.

Encrypt Temporary

Files

Selected

When this policy is selected, the paths listed in the environment variables

EMP and TMP are encrypted. TEMP and TMP for the operating system are

encrypted with the Common encryption key.

To reduce encryption sweep time, the contents of the TEMP and TMP

folders are cleared for initial encryption, as well as updates to this policy.

However, if your organization uses a third-party application that requires

the file structure within the \temp directory to be preserved, you should

prevent this deletion.

To disable temporary file deletion, create DeleteTempFiles (REG_DWORD)

and set its value to 0 in the registry at

HKLM\SOFTWARE\Credant\CMGShield.

Encrypt Temporary

Internet Files

Selected

When this policy is selected, the path listed in the environment variable

CSIDL_INTERNET_CACHE is encrypted with the User data encryption key.

To reduc

e encryption sweep time, the contents of CSIDL_INTERNET_CACHE

are cleared for initial encryption, as well as updates to this policy.

This policy is applicable when using Microsoft Internet Explorer only. For

other web browsers, an administrator must create an encryption policy

that is specific to the storage location of the temporary internet files used

by each browser.

Encrypt User Profile

Documents

Not Selected

When this policy is selected, the following are encrypted:

• The users profile (C:\Users\jsmith) with the User data encryption key

• \Users\Public with the Common encryption key

Encrypt Windows

Paging File

Selected

When this policy is selected, the Windows paging file is encrypted. A

change to this policy requires a reboot.