Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureEncryption

171

172

173

174

175

176

177

178

179

180

Security Management Server Virtual v10.2.10 AdminHelp

163

These rules have been tested against the following iPods:

iPod Video 30gb fifth generation

iPod Nano 2gb second generation

iPod Mini 4gb second generation

Dell does not recommend the use of the iPod Shuffle, as

unexpected results may occur.

As iPods change, this information could also change, so

caution is advised when allowing the use of iPods on

Encryption External Media-enabled computers.

Because folder names on iPods are dependent on the model of

the iPod, Dell recommends creating an exclusion encryption

policy which covers all folder names, across all iPod models.

EMS Block

Access to

UnShieldable

Media

Selected

Block access to any removable media that is less than 55 MB

and thus has insufficient storage capacity to host Encryption

External Media (such as a 1.44MB floppy disk).

More...

All access is blocked if EMS Encrypt External Media and this

policy are both Selected. If EMS Encrypt External Media is

Selected, but this policy is Not Selected, data can be read

from the unencryptable media, but write access to the m

edia is

blocked.

If EMS Encrypt External Media is Off, then this policy

has no

effect and access to unencryptable media is not impacted.

SDE Encryption

Enabled

Selected

If this policy is Not Selected, SDE encryption is disabled,

regardless of other policy values. Selected means that all

data not encrypted by other Intelligent Encryption policies

are encrypted per the SDE Encryption Rules policy. Changing

the value of this policy requires a reboot.

SDE Encryption

Algorithm

AES256

AES 256, AES 128, 3DES

Encryption algorithm used to for System Data Encryption.

Encryption algorithms in order of speed, fastest first, are

AES 128, AES 256, 3DES.

SDE Encryption

Rules

String

F#:\

-^%ENV:SYSTEMDRIVE%\System Volume Information

-^%ENV:SYSTEMROOT%\;dll.exe.sys.ocx.man.cat

.manifest.policy

-^%ENV:SYSTEMROOT%\System32

-^%ENV:SYSTEMROOT%\SysWow64

-^%ENV:SYSTEMROOT%\WinSxS

-^%ENV:SYSTEMROOT%\Fonts

^3@%ENV:SYSTEMROOT%\SYSTEM32\;exe

-^3@%ENV:SYSTEMROOT%\SYSTEM32\cmd.exe;exe

-^3@%ENV:SYSTEMROOT%\SYSTEM32\autochk.exe;exe

-^3%ENV:SYSTEMDRIVE%\ProgramData\Dell\Kace

-^3%ENV:SYSTEMDRIVE%\Program Files\Dell\Kace

-^3%ENV:SYSTEMDRIVE%\Program Files (x86)\Dell\Kace

Encryption rules to be used to encrypt/not encrypt certain

drives, directories, and folders. See Encryption Rules for

information.

SDE Encryption Rules may be changed as appropriate for your

environment. However, these defaults have been tested

extensively. Removing these exclusions may result in Windows

issues, particularly after applying patch updates.

Contact ProSupport for guidance if you are unsure about

changing the values.

Encryption

Enabled

Selected

This policy must be selected to use all Common encryption

policies. Not Selected means that no Common encryption takes

place, regardless of other policy values.

Changing the value of this policy triggers a new sweep to

encrypt/decrypt files.

Common

Encrypted

Folders

String

%ENV:SYSTEMDRIVE%\;accdb.doc.docm.docx.mdb.pdf.ppam

.pps.ppsm.ppsx.ppt.pptm.pptx.pub.puz.sldm.sldx.tif.tiff

.vdx.vsd.vss.vst.vsx.vtx.xlam.xlm.xls.xlsb.xlsm.xlsx

.xsf.zip.rar

%ENV:USERPROFILE%\Desktop

%ENV:USERPROFILE%\Download

-^%ENV:SYSTEMDRIVE%\;dat

String - maximum of 100 entries of 500 characters each (up to

a maximum of 2048 characters)

A list of folders on computer drives to be encrypted or

excluded from encryption, which can then be accessed by all

managed users who have access to the computer. See

Encryption

Rules for information.

Important: Overriding directory protection can result in an

unbootable computer and/or require reformatting drives.

More...

The available drive letters are: