Reference Guide
Security Management Server Virtual v10.2.11 AdminHelp
Outlook Personal Folders
%\Microsoft\Outlook) with the User data encryption key.
Encrypt Temporary Files
Selected
When this policy is selected, the paths listed in the
environment variables TEMP and TMP are encrypted. TEMP and TMP
for the operating system are encrypted with the Common
encryption key.
To reduce encryption sweep time, the contents of the TEMP and
TMP folders are cleared during initial encryption and whenever
this policy is updated. However, if your organization uses a
third-party application that requires the file structure
within the \temp directory to be preserved, you should prevent
this deletion.
To disable temporary file deletion, create DeleteTempFiles
(REG_DWORD) and set its value to 0 in the registry at
HKLM\SOFTWARE\Credant\CMGShield.
Encrypt Temporary Internet Files
Selected
When this policy is selected, the path listed in the
environment variable CSIDL_INTERNET_CACHE is encrypted with
the User data encryption key.
To reduce encryption sweep time, the contents of
CSIDL_INTERNET_CACHE are cleared during initial encryption and
whenever this policy is updated.
This policy is applicable when using Microsoft Internet
Explorer only. For other web browsers, an administrator must
create an encryption policy that is specific to the storage
location of the temporary internet files used by each browser.
Encrypt User Profile Documents
Not Selected
When this policy is selected, the following are encrypted:
• The user's profile (C:\Users\jsmith) with the User data
encryption key
• \Users\Public with the Common encryption key
Encrypt Windows Paging File
Selected
When this policy is selected, the Windows paging file is
encrypted. A change to this policy requires a reboot.
Managed Services
String
String - maximum of 100 entries of 500 characters each (up to
a maximum of 2048 characters)
When a service is managed by this policy, the service is
started only after the user is logged in and the Encryption
client is unlocked. This policy also ensures that the service
managed by this policy is stopped before the Encryption client
is locked during logoff. This policy can also prevent a user
logoff if a service is unresponsive.
Syntax is one Service name per line. Spaces in the service
name are supported. Wildcards are not supported. Entries are
not case-sensitive. For example, GoogleDesktop Manager is the
same as googledesktopmanager.
The service "log on as" setting has no bearing on whether or
not the Encryption client can control it. It does not matter
if a user logs on with user credentials versus the local
system.
The startup type (Automatic or Manual) does not affect the
ability of the Encryption client to control it. Automatic or
Manual startup is acceptable.
Managed services are not started if an unmanaged user logs on.
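The Managed Services syntax rules above can be checked before a value is entered into the policy. The following is an added example, not code from the product or its documentation. It assumes that the 2048-character limit counts the newline separators, that the wildcard characters are * and ?, and that entries differing only in letter case are duplicates; the service names in the sample are constructed.

```python
# Added example: lint a Managed Services policy value before deployment.
MAX_ENTRIES = 100        # from the policy text
MAX_ENTRY_CHARS = 500    # from the policy text
MAX_TOTAL_CHARS = 2048   # from the policy text; assumed to count newline separators
WILDCARDS = set("*?")    # assumption: the characters treated as wildcards


def lint_managed_services(value):
    """Return (entries, problems) for a newline-separated policy value."""
    entries, problems, seen = [], [], {}
    for lineno, raw in enumerate(value.splitlines(), start=1):
        name = raw.strip()
        if not name:
            problems.append(f"line {lineno}: empty line")
            continue
        if WILDCARDS & set(name):
            problems.append(f"line {lineno}: wildcard in {name!r}")
        if len(name) > MAX_ENTRY_CHARS:
            problems.append(
                f"line {lineno}: {len(name)} chars exceeds {MAX_ENTRY_CHARS}")
        key = name.casefold()  # entries are not case-sensitive
        if key in seen:
            problems.append(
                f"line {lineno}: {name!r} duplicates line {seen[key]}")
            continue
        seen[key] = lineno
        entries.append(name)
    if len(entries) > MAX_ENTRIES:
        problems.append(f"{len(entries)} entries exceeds {MAX_ENTRIES}")
    total = len("\n".join(entries))
    if total > MAX_TOTAL_CHARS:
        problems.append(f"{total} total chars exceeds {MAX_TOTAL_CHARS}")
    return entries, problems


# Constructed sample value (service names are illustrative only).
SAMPLE = "Print Spooler\nprint spooler\nBackup*Agent\nExample Sync Service\n"

if __name__ == "__main__":
    entries, problems = lint_managed_services(SAMPLE)
    print("entries:", entries)
    for p in problems:
        print("problem:", p)
```

An empty problems list means the value satisfies the stated limits; it does not confirm that the named services exist on the endpoint.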
Secure Post-Encryption Cleanup
No Overwrite
No Overwrite, Single-pass Overwrite, Three-pass Overwrite,
Seven-pass Overwrite
Once encryption is complete, this policy determines what
happens to the unencrypted residue of the original files:
• No Overwrite deletes it. This value yields the fastest
encryption processing.
• Single-pass Overwrite overwrites it with random data.
• Three-pass Overwrite overwrites it with a standard pattern