Reference Guide
Manage Policies
Managed Services String
String - maximum of 100 entries of 500 characters each (up to a maximum
of 2048 characters)
When a service is managed by this policy, the service is started only after
the user is logged in and the Encryption client is unlocked. This policy also
ensures that the service managed by this policy is stopped before the
Encryption client is locked during logoff. This policy can also prevent a user
logoff if a service is unresponsive.
Syntax is one service name per line. Spaces in the service name are
supported. Wildcards are not supported. Entries are not case-sensitive. For
example, GoogleDesktop Manager is the same as googledesktopmanager.
The service "log on as" setting has no bearing on whether or not the
Encryption client can control it. It does not matter if a user logs on with
user credentials versus the local system.
The startup type (Automatic or Manual) does not affect the ability of the
Encryption client to control it. Automatic or Manual startup is acceptable.
Managed services are not started if an unmanaged user logs on.
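The syntax rules above can be checked before a value is saved to the policy. The following Python lint is an added example, not part of the product or this guide; the function name and sample value are hypothetical, and it assumes that "?" and "*" are the wildcards meant, that line breaks count toward the 2048-character limit, and (following the GoogleDesktop Manager example) that entries are compared ignoring case and spaces.

```python
"""Lint a Managed Services policy value (added example, not product code)."""
MAX_ENTRIES = 100        # "maximum of 100 entries"
MAX_ENTRY_CHARS = 500    # "500 characters each"
MAX_TOTAL_CHARS = 2048   # "up to a maximum of 2048 characters"


def _key(name):
    # Assumption from the guide's example: "GoogleDesktop Manager" and
    # "googledesktopmanager" are the same entry, so ignore case and spaces.
    return "".join(name.split()).casefold()


def lint_managed_services(value):
    """Return (accepted_entries, problems) for a one-name-per-line value."""
    entries, problems, seen, count = [], [], {}, 0
    # Assumption: line breaks count toward the overall character limit.
    if len(value) > MAX_TOTAL_CHARS:
        problems.append(f"value is {len(value)} characters; limit is {MAX_TOTAL_CHARS}")
    for lineno, raw in enumerate(value.splitlines(), start=1):
        name = raw.strip()
        if not name:
            continue  # blank lines carry no entry
        count += 1
        key = _key(name)
        if len(name) > MAX_ENTRY_CHARS:
            problems.append(f"line {lineno}: entry exceeds {MAX_ENTRY_CHARS} characters")
        elif any(ch in name for ch in "*?"):
            problems.append(f"line {lineno}: wildcards are not supported: {name!r}")
        elif key in seen:
            problems.append(f"line {lineno}: {name!r} duplicates line {seen[key]}")
        else:
            seen[key] = lineno
            entries.append(name)
    if count > MAX_ENTRIES:
        problems.append(f"{count} entries; limit is {MAX_ENTRIES}")
    return entries, problems


# Constructed sample value; only the first name appears in the guide.
SAMPLE = "GoogleDesktop Manager\ngoogledesktopmanager\nBackup*\nPrint Spooler Helper\n"

if __name__ == "__main__":
    names, issues = lint_managed_services(SAMPLE)
    print("entries:", names)
    for issue in issues:
        print("problem:", issue)
```

An entry that passes this lint can still name a service that does not exist on the endpoint; the lint checks syntax only.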
Secure Post-Encryption Cleanup
No Overwrite
No Overwrite, Single-pass Overwrite, Three-pass Overwrite, Seven-pass
Overwrite
Once encryption is complete, this policy determines what happens to the
unencrypted residue of the original files:
• No Overwrite deletes it. This value yields the fastest encryption
processing.
• Single-pass Overwrite overwrites it with random data.
• Three-pass Overwrite overwrites it with a standard pattern of 1s and 0s,
then with its complement, and then with random data.
• Seven-pass Overwrite overwrites it with a standard pattern of 1s and 0s,
then with its complement, and then with random data five times. This
value makes it most difficult to recover the original files from memory, and
yields the most secure encryption processing.
Secure Windows Credentials
Not Selected
When this policy is selected, the Windows Credentials are secured by
encrypting the entire registry with the exception of registry information
required for computer boot. The information required for computer boot
includes HKLM/SYSTEM and all sub-keys.
A reboot is required when a change to this policy is delivered. To control
this reboot, configure the following policies: Force Reboot on Update,
Length of Each Reboot Delay, and Number of Reboot Delays Allowed.
Block Unmanaged Access to Domain Credentials
Not Selected
This policy prevents unmanaged users and applications from accessing the
Windows domain credentials when a user is logged in.
Secure Windows Hibernation File
Not Selected
When this policy is selected, the hibernation file is encrypted only when
the computer enters hibernation. The Encryption client disengages
protection when the computer comes out of hibernation, providing
protection without impacting users or applications while the computer is in
use.
Prevent Unsecured Hibernation
Not Selected
When this policy is selected, the Encryption client does not allow computer
hibernation if the client is unable to encrypt the hibernation data.
Scan Workstation on Logon
Not selected
When this policy is selected, all current and previously encrypted folders
on the encrypted computer's local hard drives are scanned each time a
managed user logs on, ensuring that all Common Encrypted Folders and
User Encrypted Folders policy values are properly implemented. The scan
abides by the Workstation Scan Priority policy.
Workstation Scan Priority
Highest, High, Normal, Low, Lowest
Specifies the relative Windows priority of encrypted folder scanning. High
and Highest prioritize scanning speed over computer responsiveness, Low
and Lowest prioritize computer responsiveness over scanning speed and
favor other resource-intensive activities, and Normal balances the two.
The client checks for a changed Workstation Scan Priority before
processing the next file.