Reference Guide
Manage Policies
Once encryption is complete, this policy determines what happens to the
unencrypted residue of the original files:
• No Overwrite deletes it. This value yields the fastest encryption
processing.
• Single-pass Overwrite overwrites it with random data.
• Three-pass Overwrite overwrites it with a standard pattern of 1s and 0s,
then with its complement, and then with random data.
• Seven-pass Overwrite overwrites it with a standard pattern of 1s and 0s,
then with its complement, and then with random data five times. This
value makes it most difficult to recover the original files from memory, and
yields the most secure encryption processing.
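
The pass order described for each overwrite value, as an added illustration that is not taken from this guide and is not the Encryption client's own code. The function names and the 0x55 pattern byte are assumptions, since the guide does not specify the "standard pattern".

```python
import os

# Assumption: the guide does not specify the "standard pattern of 1s and 0s";
# 0x55 (binary 01010101) stands in for it here.
PATTERN = 0x55
COMPLEMENT = PATTERN ^ 0xFF  # 0xAA, binary 10101010

# Pass schedule for each policy value, as described above.
SCHEDULES = {
    "No Overwrite": [],
    "Single-pass Overwrite": ["random"],
    "Three-pass Overwrite": ["pattern", "complement", "random"],
    "Seven-pass Overwrite": ["pattern", "complement"] + ["random"] * 5,
}


def pass_bytes(kind, length, rng=os.urandom):
    """Return the bytes written during one pass of the given kind."""
    if kind == "pattern":
        return bytes([PATTERN]) * length
    if kind == "complement":
        return bytes([COMPLEMENT]) * length
    return rng(length)


def overwrite(path, policy, rng=os.urandom, chunk=1 << 16):
    """Overwrite the file in place, once per scheduled pass; return the passes."""
    schedule = SCHEDULES[policy]  # KeyError for an unknown policy value
    size = os.path.getsize(path)
    if schedule:
        with open(path, "r+b") as fh:
            for kind in schedule:
                fh.seek(0)
                for offset in range(0, size, chunk):
                    fh.write(pass_bytes(kind, min(chunk, size - offset), rng))
                # Flush each pass to the device before the next one starts;
                # otherwise the passes may be coalesced in the OS cache.
                fh.flush()
                os.fsync(fh.fileno())
    return list(schedule)


def wipe_residue(path, policy, rng=os.urandom):
    """Apply the policy's overwrite passes, then delete the file."""
    passes = overwrite(path, policy, rng)
    os.remove(path)
    return passes
```
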
Secure Windows Credentials
Selected
When this policy is selected, Windows credentials are secured by
encrypting the entire registry with the exception of registry information
required for computer boot. The information required for computer boot
includes HKLM/SYSTEM and all sub-keys.
This policy value is automatically set to Selected if SDE is enabled.
A reboot is required when a change to this policy is delivered. To control
this reboot, configure the following policies: Force Reboot on Update,
Length of Each Reboot Delay, and Number of Reboot Delays Allowed.
Block Unmanaged Access to Domain Credentials
Selected
This policy prevents unmanaged applications from accessing the Windows
domain credentials when a user is logged in.
Secure Windows Hibernation File
Not Selected
When enabled, the hibernation file is encrypted only when the computer
enters hibernation. The Encryption client disengages protection when the
computer comes out of hibernation, providing protection without
impacting users or applications while the computer is in use.
Prevent Unsecured Hibernation
Not Selected
When enabled, the Encryption client does not allow computer hibernation
if the client is unable to encrypt the hibernation data.
Workstation Scan Priority
Lowest
Highest, High, Normal, Low, Lowest
Specifies the relative Windows priority of encrypted folder scanning. High
and Highest prioritize scanning speed over computer responsiveness, Low
and Lowest prioritize computer responsiveness over scanning speed and
favor other resource-intensive activities, and Normal balances the two.
The client checks for a changed Workstation Scan Priority before
processing the next file.
The scan priority levels are used in two different ways.
1. These values correspond with the values used by the Microsoft
SDK to set thread execution priority.
2. The client uses these values to introduce a delay in the
encryption sweep after every single file is processed.
The values translate to the following millisecond delay ranges,
where the encryption thread will sit idle and then return full
control to the operating system:
Highest=0 ms / Lowest=100 ms
Policy Proxy Connections
String
String - maximum of 1500 characters
List fully qualified Policy Proxy hostnames, or IP addresses, separated by
carriage returns. Ports cannot be specified in this policy.
Once a valid entry is found, the remainder of the Policy Proxies listed are
ignored.
Entries are processed in the following order:
1. GKConnections Override (this registry entry overrides all other entries)
2. GKConnections (this registry entry is set automatically by the client,
based on this policy)
3. GK
To override this policy and specify ports via the registry key, set
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\CMGShield\GKConnectionsOverride.
The client communicates with Policy Proxies using the GKPORT (the default