Reference Guide
Manage Policies
Read Only: Allows read capability. Write data is disabled.
Blocked: Port is blocked from read/write capability.
This policy is endpoint-based and cannot be overridden by user policy.
Class: Windows Portable Device (WPD)
Default: Enabled
Control access to all Windows Portable Devices. PARENT to the next policy. Set this policy to Enabled to use the Subclass Windows Portable Device (WPD): Storage policy. Setting this policy to Disabled disables the Subclass Windows Portable Device (WPD): Storage policy, no matter what its value.
Subclass Windows Portable Device (WPD): Storage
Default: Full Access
CHILD of Class: Windows Portable Device (WPD). Class: Windows Portable Device (WPD) must be set to Enabled to use this policy.
Full Access: Port does not have read/write data restrictions applied.
Read Only: Allows read capability. Write data is disabled.
Blocked: Port is blocked from read/write capability.
Class: Human Interface Device (HID)
Default: Enabled
Control access to all Human Interface Devices (keyboards, mice).
Note: USB port-level blocking and HID class-level blocking are only honored if the computer chassis can be identified as a laptop/notebook form factor. The client relies on the computer's BIOS for the identification of the chassis, so verify what the BIOS reports for the chassis type before relying on these blocks on a given model.
Class: Other
Default: Enabled
Control access to all devices not covered by other Classes.
EMS Encrypt External Media
Default: Not Selected
This policy must be selected to use all other removable media policies. Not Selected means that no encryption of removable media takes place, regardless of other removable media policy values.
EMS Exclude CD/DVD Encryption
Default: Not Selected
Not Selected means CD/DVD devices are encrypted along with other removable media; Selected excludes CD/DVD devices from encryption.
EMS Access to unShielded Media
Default: Read Only
Values: Block, Read Only, Full Access
Note that this policy interacts with the Storage > Subclass Storage: External Drive Control policy. If you intend to set this policy to Full Access, ensure that Subclass Storage: External Drive Control is not set to Read Only or Blocked, because the port-level policy still limits what the device can do.
When this policy is set to Block, you have no access to removable media unless it is encrypted.
Choosing either Read Only or Full Access allows you to decide what removable media to encrypt.
If you choose not to encrypt removable media and this policy is set to Full Access, you have full read/write access to removable media.
If you choose not to encrypt removable media and this policy is set to Read Only, you can read or delete existing files on the unencrypted media, but files cannot be edited on, or added to, the media.
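The parent/child rule for Class: Windows Portable Device (WPD), the chassis condition in the HID note, and the interaction between EMS Access to unShielded Media and Subclass Storage: External Drive Control are the points most often misread when a policy set is reviewed. The following is an added example written for this page, not Dell code: it resolves the effective access a policy set produces and flags the cases the guide warns about. The policy names are the guide's; the SMBIOS chassis-type set, the "more restrictive value wins" rule for the EMS/port interaction, the reading of Disabled as the blocking value of Class: HID, the audit wording and the sample policy set are all assumptions constructed for the example.

```python
"""Added example (not Dell code): resolve the effective removable-media access that
results from the interacting policies in the reference guide.  Policy names follow
the guide; combination rules are the guide's, with assumptions marked in comments."""

# Rank the three access levels so the more restrictive one can be picked.
# "Block"/"Block Access" (EMS wording) and "Blocked" (port wording) are one level.
ACCESS_RANK = {"Blocked": 0, "Read Only": 1, "Full Access": 2}
ALIASES = {"Block": "Blocked", "Block Access": "Blocked", "Read-Only": "Read Only"}

# SMBIOS chassis types (Win32_SystemEnclosure.ChassisTypes) treated as laptop/notebook.
# Assumption: the guide only says the client relies on the BIOS chassis identification;
# it does not list which chassis types are accepted.
LAPTOP_CHASSIS = {8: "Portable", 9: "Laptop", 10: "Notebook", 14: "Sub Notebook"}


def normalize(value):
    """Map the guide's spelling variants onto one canonical access level."""
    value = ALIASES.get(value.strip(), value.strip())
    if value not in ACCESS_RANK:
        raise ValueError(f"unknown access level: {value!r}")
    return value


def most_restrictive(*values):
    """Return the lowest-ranked (most restrictive) of several access levels."""
    return min((normalize(v) for v in values), key=ACCESS_RANK.__getitem__)


def chassis_is_laptop(chassis_types):
    """True if any reported SMBIOS chassis type is a laptop/notebook form factor."""
    return any(t in LAPTOP_CHASSIS for t in chassis_types)


def effective_wpd_storage(p):
    """Subclass WPD: Storage is enforced only while Class: WPD is Enabled (the guide's rule)."""
    if p["Class: Windows Portable Device (WPD)"] != "Enabled":
        return None  # subclass policy disabled, whatever its own value
    return normalize(p["Subclass Windows Portable Device (WPD): Storage"])


def effective_unshielded_media(p):
    """Access to unencrypted removable media after the EMS and port policies combine."""
    port = normalize(p["Subclass Storage: External Drive Control"])
    if p["EMS Encrypt External Media"] != "Selected":
        return port  # EMS policies are inactive, so only the port policy applies
    # Assumption: the more restrictive of the two wins; the guide only warns that
    # Full Access here requires External Drive Control not be Read Only or Blocked.
    return most_restrictive(p["EMS Access to unShielded Media"], port)


def hid_block_honored(p, chassis_types):
    """Assumption: Disabled is the blocking value of the Class: HID policy."""
    if p["Class: Human Interface Device (HID)"] == "Enabled":
        return True  # nothing is being blocked, so nothing can be ignored
    return chassis_is_laptop(chassis_types)


def audit(p, chassis_types):
    """Return human-readable findings for a policy set on a given chassis."""
    findings = []
    sub = p["Subclass Windows Portable Device (WPD): Storage"]
    if effective_wpd_storage(p) is None and sub != "Full Access":
        findings.append("Subclass WPD: Storage is ignored because Class: WPD is not Enabled")
    if p["EMS Encrypt External Media"] != "Selected":
        findings.append("EMS Encrypt External Media is Not Selected: no removable media is "
                        "encrypted and the other EMS policies have no effect")
    else:
        ems, eff = p["EMS Access to unShielded Media"], effective_unshielded_media(p)
        if normalize(ems) != eff:
            findings.append(f"EMS Access to unShielded Media '{ems}' is capped to '{eff}' "
                            "by Subclass Storage: External Drive Control")
    if not hid_block_honored(p, chassis_types):
        findings.append(f"Class: HID block is not honored: BIOS chassis types "
                        f"{sorted(chassis_types)} are not a laptop/notebook form factor")
    return findings


# Constructed sample: a policy set an administrator might push, applied on a desktop.
SAMPLE_POLICIES = {
    "Class: Windows Portable Device (WPD)": "Disabled",
    "Subclass Windows Portable Device (WPD): Storage": "Blocked",
    "Class: Human Interface Device (HID)": "Disabled",
    "EMS Encrypt External Media": "Selected",
    "EMS Access to unShielded Media": "Full Access",
    "Subclass Storage: External Drive Control": "Read Only",
}
SAMPLE_CHASSIS = [3]  # SMBIOS chassis type 3 = Desktop

if __name__ == "__main__":
    for line in audit(SAMPLE_POLICIES, SAMPLE_CHASSIS):
        print("-", line)
```

On a real endpoint the chassis list comes from the BIOS via `Get-CimInstance Win32_SystemEnclosure` (the `ChassisTypes` property); feed that list to `audit` to see which of the configured blocks the client will actually honor on that hardware.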
EMS Encryption Algorithm
Default: AES256
Values: AES 256, AES 128, 3DES
Encryption algorithm used to encrypt removable media. Encryption algorithms in order of speed, fastest first, are AES 128, AES 256, 3DES. 3DES is both the slowest and the weakest of the three and has been deprecated by NIST; keep an AES option unless media must interoperate with a reader that supports nothing else.
EMS Automatic Authentication
Default: Disabled
Values: Disabled, Local, Roaming
Local automatic authentication allows the encrypted media to be automatically authenticated when inserted in the originally encrypting computer while the owner of that media is logged in. When local automatic authentication is disabled, users must always manually authenticate to access encrypted media.
Not selecting roaming automatic authentication helps to prevent users from forgetting their password when they take the media home or share it with a colleague. Not selecting roaming automatic authentication also promotes a sense of