Reference Guide

Security Management Server v10.2.11 AdminHelp
Encrypt Temporary Files
Not Selected
When this policy is selected, the paths listed in the
environment variables TEMP and TMP are encrypted. TEMP and TMP
for the operating system are encrypted with the Common
encryption key.
To reduce encryption sweep time, the contents of the TEMP and
TMP folders are cleared for initial encryption and for
updates to this policy. However, if your organization uses a
third-party application that requires the file structure
within the \temp directory to be preserved, you should prevent
this deletion.
To disable temporary file deletion, create DeleteTempFiles
(REG_DWORD) and set its value to 0 in the registry at
HKLM\SOFTWARE\Credant\CMGShield.
Encrypt User Profile Documents
Not Selected
When this policy is selected, the following are encrypted:
• The user's profile (C:\Users\jsmith) with the User data
encryption key
• \Users\Public with the Common encryption key
Encrypt Windows Paging File
Selected
When this policy is selected, the Windows paging file is
encrypted. A change to this policy requires a reboot.
Managed Services
null
String - maximum of 100 entries of 500 characters each (up to
a maximum of 2048 characters)
When a service is managed by this policy, the service is
started only after the user is logged in and the Encryption
client is unlocked. This policy also ensures that the Service
managed by this policy is stopped before the Encryption client
is locked during logoff. This policy can also prevent a user
logoff if a service is unresponsive.
Syntax is one service name per line. Spaces in the Service
name are supported. Wildcards are not supported. Entries are
not case-sensitive. For example, GoogleDesktop Manager is the
same as googledesktopmanager.
The service "log on as" setting has no bearing on whether or
not the Encryption client can control it. It does not matter
if a user logs on with user credentials versus the local
system.
The startup type (Automatic or Manual) does not affect the
ability of the Encryption client to control it. Automatic or
Manual startup is acceptable.
Managed services are not started if an unmanaged user logs on.
Secure Post-Encryption Cleanup
Single Pass Overwrite
No Overwrite, Single-pass Overwrite, Three-pass Overwrite,
Seven-pass Overwrite
Once encryption is complete, this policy determines what
happens to the unencrypted residue of the original files:
• No Overwrite deletes it. This value yields the fastest
encryption processing.
• Single-pass Overwrite overwrites it with random data.
• Three-pass Overwrite overwrites it with a standard pattern
of 1s and 0s, then with its complement, and then with random
data.
• Seven-pass Overwrite overwrites it with a standard pattern
of 1s and 0s, then with its complement, and then with random
data five times. This value makes it most difficult to recover
the original files from memory, and yields the most secure
encryption processing.
Secure Windows Credentials
Selected
When this policy is selected, Windows credentials are
secured by encrypting the entire registry, with the exception
of registry information required for computer boot. The
information required for computer boot includes HKLM/SYSTEM
and all sub-keys.
This policy value is automatically set to Selected if SDE is
enabled.
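
The Managed Services syntax rules above can be checked before a value is entered in the policy. The following is an added example, not part of the product or of this guide. The function names, the wildcard characters (* and ?), counting line separators toward the 2048-character limit, and ignoring spaces when comparing names are assumptions.

```python
# Added example: pre-flight check for a Managed Services policy value.
MAX_ENTRIES = 100      # from the policy description
MAX_ENTRY_LEN = 500    # characters per entry, from the policy description
MAX_TOTAL_LEN = 2048   # overall limit, from the policy description
WILDCARDS = set("*?")  # assumption: the wildcard characters the guide means


def normalize(name):
    # Entries are not case-sensitive. Dropping spaces is an assumption taken
    # from the guide's example, which equates the two spellings it shows.
    return name.casefold().replace(" ", "")


def validate_managed_services(value):
    """Return (valid_entries, problems) for a multi-line policy value."""
    entries, problems, seen = [], [], {}
    # Assumption: the 2048-character limit counts line separators too.
    if len(value) > MAX_TOTAL_LEN:
        problems.append(f"value is {len(value)} characters, limit is {MAX_TOTAL_LEN}")
    for lineno, raw in enumerate(value.splitlines(), start=1):
        name = raw.strip()
        if not name:
            continue  # blank lines carry no service name
        key = normalize(name)
        if len(name) > MAX_ENTRY_LEN:
            problems.append(f"line {lineno}: entry exceeds {MAX_ENTRY_LEN} characters")
        elif WILDCARDS & set(name):
            problems.append(f"line {lineno}: wildcards are not supported: {name!r}")
        elif key in seen:
            problems.append(f"line {lineno}: {name!r} duplicates line {seen[key]}")
        else:
            seen[key] = lineno
            entries.append(name)
    if len(entries) > MAX_ENTRIES:
        problems.append(f"{len(entries)} entries, limit is {MAX_ENTRIES}")
    return entries, problems


if __name__ == "__main__":
    # Constructed sample value, not taken from a real deployment.
    sample = "GoogleDesktop Manager\ngoogledesktopmanager\nBackup*\nExample Sync Service\n"
    valid, found = validate_managed_services(sample)
    print("valid entries:", valid)
    for problem in found:
        print("problem:", problem)
```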