Deployment Guide
Policy Aggre
ssive
Protec
tion
for All
Fixed
Drives
and
Extern
al
Drives
PCI
Regula
tion
Data
Breac
h
Regula
tion
HIPAA
Regula
tion
Basic
Protec
tion
for All
Fixed
Drives
and
Ext
Drives
(Defau
lt)
Basic
Protec
tion
for All
Fixed
Drives
Basic
Protec
tion
for
Syste
m
Drive
Only
Basic
Protec
tion
for
Extern
al
Drives
Encry
ption
Disabl
ed
Description
Read Only: Allows read
capability. Write data is
disabled.
Blocked: Port is blocked
from read/write capability.
Class:
Human
Interface
Device
(HID)
Enabled Control access to all
Human Interface Devices
(keyboards, mice).
Note: USB port-level
blocking and HID class-
level blocking is only
honored if the computer
chassis type can be
identified as a laptop/
notebook form-factor. The
computer's BIOS is relied
on for the identification of
the chassis.
Class:
Other
Enabled Control access to all
devices not covered by
other Classes.
Removable Storage Policies
EMS
Encrypt
External
Media
True False True False This policy is the "master
policy" for all Removable
Storage policies. A False
value means that no
encryption of removable
storage takes place,
regardless of other policy
values.
A True value means that all
Removable Storage
encryption policies are
enabled.
This policy has interactions
with PCS. See Encryption
External Media and PCS
Interactions.
EMS
Exclude
CD/DVD
Encryptio
n
False True False encrypts CD/DVD
devices.
This policy has interactions
with PCS. See Encryption
External Media and PCS
Interactions.
54 Policies and Template Descriptions