Reference Guide
Manage Policies
Encryption
Processing
Only When
Screen is
Locked
When True, there is no encryption or decryption of data while
the user is actively working. The client will only process
data when the workstation screen is locked.
When False, encryption processing occurs any time, even while
the user is working.
User-Optional adds an option to the notification area icon
allowing the user to turn this feature on or off.
Enabling this option will significantly extend the amount of
time it takes to complete encryption or decryption.
Hide Overlay
Icons
Selected
When Selected, Encryption overlay icons is not present on
encrypted files in File Explorer for all managed users on th
e
computer.
Encrypt
temporary
files
Off
When
Off
SDE
Common
See basic
settings
Policy Default Setting Description
BitLocker Encryption
This technology manages Microsoft BitLocker policies for full disk and removable media encryption.
Disable
BitLocker on
Self-
Encrypting
Drives
Selected
Selected
Not Selected
If Selected, BitLocker Manager does not start encryption on a
volume that is already protected by a provisioned SED.
For example, if th
is policy is Selected and both C: and D: are
on one physical self-encrypting drive, and the PBA has been
provisioned, then C: and D: does not encrypt for BitLocker
even if System and Fixed drive encryption are turned on in the
BitLocker Manager policies.
See basic
settings
BitLocker Encryption - Fixed Data Volume Settings
Configure the
Use of Smart
Cards on Fixed
Data Drives
Allow
Allow
Disallow
Require
This policy specifies whether smart cards can be used to
authenticate access to BitLocker fixed data drives. These
settings are enforced when turning on BitLocker, not when
unlocking a drive. BitLocker will allow unlocking a drive with
any of the protectors available on the drive.
Deny Write
Access to
Fixed Data
Drives Not
Protected by
BitLocker
Disabled
Enabled
Disabled
Enabled for Organizations
If the drive is protected by BitLocker, it is mounted with
read and write access.
If you disable or do not configure this policy setting, all
fixed data drives on the computer is mounted with read and
write access.
When Disabled, this policy element will force the option to be
blocked from being used, and will not proceed until it is
met.
When Enabled, this policy element will force the option to be
used, and will not proceed unless it is met.
Allow Access
Selected
Selected
142