Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureEncryption

171

172

173

174

175

176

177

178

179

180

Manage Policies

166

#: Refers to all drives

f#: Refers to all fixed (non-removable) drives

r#: Refers to all removable drives

Common

Encryption

Algorithm

AES256

AES 256 or AES 128

Encryption algorithm used to encrypt data at the endpoint (all

users) level.

System paging files are encrypted using AES 128.

Encryption algorithms in order of speed, fastest first, are

AES 128, AES 256, 3DES.

Application

Data

Encryption

List

Exe List

winword.exe

excel.exe

powerpnt.exe

msaccess.exe

winproj.exe

outlook.exe

acrobat.exe

visio.exe

mspub.exe

winzip.exe

winrar.exe

onenote.exe

onenotem.exe

String - maximum of 100 entries of 500 characters each

Dell does not add explorer.exe or iexplorer.exe to the ADE

list, as unexpected or unintended results may occur.

Explorer.exe is t

he process used to create a new notepad file

on the desktop using the right-click menu.

Setting encryption by file extension, instead of the ADE list,

provides more comprehensive coverage.

Changes to this policy do not affect files already encrypted

because of this policy.

List process names of applications (without paths) whose new

files you want encrypted, separated by carriage returns. Do

not use wildcards.

More...

You can a

lso specify these process names (separated by commas)

via the registry value

HKLM\SOFTWARE\Credant\CMGShield\ApplicationDataEncryption

List.

The Encryption client encrypts all new files (not already

being encrypted by Common Encrypted Folders and User Encry

pted

Folders) on the current computer hard drives created by these

application processes whenever they are owned by a currently-

logged-on managed user. This may include files excluded from

encryption by Common Encrypted Folders and/or User

Encrypted Folders.

The following folders and their subfolders are always excluded

from encryption by this policy:

C:\Windows\system32

C:\Windows\Software Distribution

C:\Windows\Security

C:\System Volume Information\Program

Files\Credant\(.dll.exe.sys.mac.ddp.wip.rty.nmd.inv)

Dell strongly recommends not listing applications or

installers that write system-critical files. Doing so could

result in encryption of important system files, which could

make a Windows computer unbootable.

Common process names:

outlook.exe

winword.exe

powerpnt.exe

msaccess.exe

wordpad.exe

mspaint.exe

excel.exe

The following hard-coded system and installer process names

are ignored if specified in this policy (you can also add to

this list in the registry value

HKLM\SOFTWARE\Credant\CMGShield\EUWPrivilegedList):

hotfix.exe, a Windows update process

update.exe, a Windows update process

setup.exe, a third-party installer process

msiexec.exe, a third-party installer process

wuauclt.exe, a Windows update process

wmiprvse.exe, a Windows system process

migrate.exe, a Windows update process

unregmp2.exe, a Windows update process