Reference Guide
Security Management Server v10.2.10 AdminHelp
143
If the client is processing a large file that an application
needs, and this policy is Selected, it may appear that the
application is unresponsive or slow to open (with no message
indicating what the issue is). Care should be taken when using
this policy.
Number of
Encryption
Processing
Delays Allowed
0
0-5000
A non-zero value allows the user to delay any encryption
processing required by the encryption policies you set, the
specified number of times. Set to zero to disable delays.
Length of Each
Encryption
Processing
Delay
5
5-40320 minutes
If Number of Encryption Processing Delays Allowed has a non-
zero value, use this policy to specify how often the user is
prompted to continue with encryption processing or delay
again.
More...
This prompt displays for five minutes each time. If the user
does not respond to the prompt, encryption processing begin
s.
The final delay prompt incl
udes a countdown and progress bar,
and it displays until the user responds, or the final delay
expires and encryption processing begins.
Calculate the maximum possible delay as follows (a maximum
delay would involve the user responding to each delay prompt
immediately prior to the 5-minute mark):
(Number of Encryption Processing Delays Allowed x Length of
Each Encryption Processing Delay) + (5 minutes x [Number of
Encryption Processing Delays Allowed - 1])
Length of Each
Policy Update
Delay
15
5-40320 minutes
If Number of Policy Update Delays Allowed has a non-zero
value, use this policy to specify how often the user is
prompted to logoff/reboot or delay again.
More...
This prompt displays for five minutes each time. If the user
does not respond to the prompt, the next delay begins. The
final delay prompt in
cludes a countdown and progress bar, and
it displays until the user responds, or the final delay
expires and the required logoff/reboot occurs.
You can change the behavior of the user prompt to begin or
delay encryption, to prevent encryption processing following
no user response to the prompt.
To do this, set the registry key SnoozeBeforeSweep |(DWORD),
stored in HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\CMGShield, to a non-zero value. An
y
non-zero value will change the default behavior to snooze.
With no user interaction, encryption processing is delayed up
to the number of configurable allowed delays. When the final
delay expires, encryption processing begins.
Calculate the maximum possible delay as follows (a maximum
delay would involve the user never responding to a delay
prompt, each of which displays for 5 minutes):
(Number of Policy Update Delays Allowed x Length of Each
Policy Update Delay) + (5 minutes x [Number of Policy Update
Delays Allowed - 1])
Force Reboot
on Update
Selected
When selected, the computer immediately reboots to allow
processing of encryption or updates related to device-based
policy, such as System Data Encryption (SDE).
Length of
Each
Reboot Delay
15
5-40320 minutes
The number of minutes to delay when the user chooses to dela
y
reboot for device-based policy.
Number of
Reboot Delays
Allowed
3
0-5000
The number of times the user is allowed to delay reboot for
device-based policy.
Allow
False
True, False, User-Optional