Reference Guide
Security Management Server v10.2.7 AdminHelp
159
Important: Allowing a user to pause encryption could allow the user to
prevent the Encryption client from fully encrypting or decrypting data per
policy.
Suppress File
Contention
Notification
Selected
This policy controls whether users see notification pop-ups if an
application attempts to access a file while the client is processing it.
More...
If the client is processing a large file that an application needs, and this
policy is Selected, it may appear that the application is unresponsive or
slow to open (with no message indicating what the issue is). Care should
be taken when using this policy.
Number of
Encryption
Processing Delays
Allowed
0
0-5000
A non-zero value allows the user to delay any encryption processing
required by the encryption policies you set, the specified number of times.
Set to zero to disable delays.
Length of Each
Encryption
Processing Delay
5
5-40320 minutes
If Number of Encryption Processing Delays Allowed has a non-zero value,
use this policy to specify how often the user is prompted to continue with
encryption processing or delay again.
More...
This prompt displays for five minutes each time. If the user does not
respond to the prompt, encryption processing begins. The final delay
prompt includes a countdown and progress bar, and it displays until the
user responds, or the final delay expires and encryption processing begins.
Calculate the maximum possible delay as follows (a maximum delay would
involve the user respond
ing to each delay prompt immediately prior to the
5-minute mark):
(Number of Encryption Processing Delays Allowed x Length of Each
Encryption Processing Delay) + (5 minutes x [Number of Encryption
Processing Delays Allowed - 1])
Length of Each
Policy Update Delay
15
5-40320 minutes
If Number of Policy Update Delays Allowed has a non-zero value, use this
policy to specify how often the user is prompted to logoff/reboot or delay
again.
More...
This prompt displays for five minutes each time. If the user does not
respond to the prompt, the next delay begins. The final delay prompt
includes a countdown and progress bar, and it displays until the user
responds, or the final delay expires and the required logoff/reboot occurs.
You can change the behavior of the user prompt to begin or delay
encryption, to prevent encryption processing following no user response to
the prompt.
To do this, set the registry key SnoozeBeforeSweep |(DWORD), stored in
HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\CMGShield, to a non-zero value. Any non-
zero value will change the default behavior to snooze.
With no user interaction, encryption processing is delayed up to the
number of configurable allowed delays. When the final delay expires,
encryption processing begins.
Calculate the maximum possible delay as follows (a maximum delay would
involve the user never responding to a delay prompt, each of which
displays for 5 minutes):
(Number of Policy Update Delays Allowed x Length of Each Policy Update
Delay) + (5 minutes x [Number of Policy Update Delays Allowed - 1])
Force Reboot on
Update
Selected
When selected, the computer immediately reboots to allow processing of
encryption or updates related to device-based policy, such as System Data
Encryption (SDE).
Length of Each
Reboot Delay
15
5-40320 minutes
The number of minutes to delay when the user chooses to delay reboot for
device-based policy.
Number of Reboot
3
0-5000