Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureData Guardian

191

192

193

194

195

196

197

198

199

200

Manage Policies

180

-^%ENV:SYSTEMROOT%\System32

-^%ENV:SYSTEMROOT%\SysWow64

-^%ENV:SYSTEMROOT%\WinSxS

-^%ENV:SYSTEMROOT%\Fonts

^3@%ENV:SYSTEMROOT%\SYSTEM32\;exe

-^3@%ENV:SYSTEMROOT%\SYSTEM32\cmd.exe;exe

-^3@%ENV:SYSTEMROOT%\SYSTEM32\autochk.exe;exe

-^3%ENV:SYSTEMDRIVE%\ProgramData\Dell\Kace

-^3%ENV:SYSTEMDRIVE%\Program Files\Dell\Kace

-^3%ENV:SYSTEMDRIVE%\Program Files (x86)\Dell\Kace

applying patch updates.

Contact ProSupport for guidance if you are unsure about changing the

values.

Encryption Enabled Selected

This policy must be selected to use all Common encryption policies. Not

Selected means that no Common encryption takes place, regardless of

other policy values.

Changing the value of this policy triggers a new sweep to encrypt/decrypt

files.

Common Encrypted

Folders

String

%ENV:SYSTEMDRIVE%\;accdb.doc.docm.docx.mdb.pdf.ppam

.pps.ppsm.ppsx.ppt.pptm.pptx.pub.puz.sldm.sldx.tif.tiff

.vdx.vsd.vss.vst.vsx.vtx.xlam.xlm.xls.xlsb.xlsm.xlsx

.xsf.zip.rar

%ENV:USERPROFILE%\Desktop

%ENV:USERPROFILE%\Download

-^%ENV:SYSTEMDRIVE%\;dat

String - maximum of 100 entries of 500 characters each (up to a maximum

of 2048 characters)

A list of folders on computer drives to be encrypted or excluded from

encryption, which can then be accessed by all managed users who have

access to the computer. See Encryption Rules for information.

Important: Overriding directory protection can result in an unbootable

computer and/or require reformatting drives.

More...

The available drive letters are:

#: Refers to all drives

f#: Refers to all fixed (non-removable) drives

r#: Refers to all removable drives

Common

Encryption

Algorithm

AES256

AES 256 or AES 128

Encryption algorithm used to encrypt data at the endpoint (all users) level.

System paging files are encrypted using AES 128.

Encryption algorithms in order of speed, fastest first, are AES 128, AES 256,

3DES.

Application Data

Encryption List

Exe List

winword.exe

excel.exe

powerpnt.exe

msaccess.exe

winproj.exe

outlook.exe

acrobat.exe

visio.exe

mspub.exe

winzip.exe

winrar.exe

onenote.exe

onenotem.exe

String - maximum of 100 entries of 500 characters each

Dell does not add explorer.exe or iexplorer.exe to the ADE list, as

unexpected or unintended results may occur.

Explorer.exe is the process used to create a new notepad file on the

desktop using the right-click menu.

Setting encryption by file extension, instead of the ADE list, provides more

comprehensive coverage.

Changes to this policy do not affect files already encrypted because of this

policy.

List process names of applications (without paths) whose new files you

want encrypted, separated by carriage returns. Do not use wildcards.

More...

You can also specify these process names (separated by commas) via the

registry value

HKLM\SOFTWARE\Credant\CMGShield\ApplicationDataEncryptionList.

The Encryption client encrypts all new files (not already being encrypted by

Common Encrypted Folders and User Encrypted Folders) on the current

computer hard drives created by these application processes whenever

they are owned by a currently-logged-on managed user. This may include

files excluded from encryption by Common Encrypted Folders and/or User

Encrypted Folders.

The following folders and their subfolders are always excluded from

encryption by this policy:

C:\Windows\system32

C:\Windows\Software Distribution

C:\Windows\Security

C:\System Volume Information\Program

Files\Credant\(.dll.exe.sys.mac.ddp.wip.rty.nmd.inv)