Reference Guide
Security Management Server Virtual - AdminHelp v9.8
171
What this does: (1st statement is an inclusion, 2nd statement is an exclusion, 3rd statement is an
inclusion) On the C: drive, encrypt all files in folders at the root level and below, except for files
residing in the protected directories
and files residing in “MyApplicationFolder”. However, override
and encrypt files with the extension doc, docx, xls, xlsx, ppt, and pptx in the protected directories
and in the folder “MyApplicationFolder”.
Example 2 of competing directives:
C:\
-C:\MyApplicationFolder
^C:\;doc.xls.ppt.docx.xlsx.pptx
-^C:\MyApplicationFolder;doc.xls.ppt.docx.xlsx.pptx
What this does: (1st statement is an inclusion, 2nd statement is an exclusion, 3rd statement is an
inclusion, 4th statement is an exclusion) On the drive of C:, encrypt all files in folders at the root
level and below, except for files residing in the protected directories
and files residing in
“MyApplicationFolder”. However, override and encrypt files with the extension doc, docx, xls, xlsx,
ppt, and pptx in the protected directories, but not in the folder “MyApplicationFolder”.
Example 3 of competing directives:
C:\
-C:\MyApplicationFolder
^C:\;doc.xls.ppt.docx.xlsx.pptx
-^C:\MyApplicationFolder;doc.xls.ppt.docx.xlsx.pptx
-^C:\MyApplicationFolder\Templates
What this does: (1st statement is an inclusion, 2nd statement is an exclusion, 3rd statement is an inclusion,
4th statement is an exclusion, 5th statement is an exclusion) On the C: drive, encrypt all files in folders at
the root level and below, except for files residing in the protected directories
and files residing in
“MyApplicationFolder”. However, override and encrypt files with the extension doc, docx, xls, xlsx, ppt, and
pptx in the protected directories, but not in the folder “MyApplicationFolder”. Additionally, the folder
“MyApplicationFolder\Templates” gains a category 2 protection causing no data to be encrypted there, since
the inclusion statements are less than or equal to category 2.
Environment Variables, KNOWNFOLDERID constants, and CSIDL
Using encryption rules, you can make use of environment variables, KNOWNFOLDERID constants (Windows 7
and later), and CSIDL values (pre-Windows 7 computers) in addition to specifying your policy folder locations
as absolute paths. In order to use variables in your encryption rules, follow these formatting rules:
• Before and after the use of the variable, use a percent sign (%).
• For environment variables, you must use “ENV:” preceding the variable name, all contained within
the percent signs.
• For KNOWNFOLDERID constants, you must use "FOLDERID_" preceding the variable name. Percent
signs are not used.
• For CSIDL variables, you must use “CSIDL:” preceding the variable name, all contained within the
percent signs.
• Ensure that your variable contains a trailing backslash if you plan on appending another directory
after the use of the variable.
• Variables can be used in both folder and extension inclusion or exclusion rules.