Reference Guide
Security Management Server - AdminHelp v9.8
Encryption External Media operates on its own set of encryption rules, independent of those used by
Common Encryption, User Encryption, or SDE. User/Common Encryption policies are applied only to fixed
disks. If an endpoint is determined to be removable storage, then Encryption External Media policy is
applied.
What Happens When Policies Tie
• When an exclusion and inclusion statement both apply to a given directory or file, the exclusion
policy prevails.
• If you apply a Common encryption policy and User encryption policy specifically to the same file or
location, the file or location will be Common Key encrypted.
• If you apply a Common encryption policy and an SDE encryption policy specifically to the same file
or location, the file or location will be Common Key encrypted.
• If you apply a User encryption policy and an SDE encryption policy specifically to the same file or
location, the file or location will be User Key encrypted.
See Sub-directories and Precedence of Directives for more information.
Generic Drive Statements
Instead of having to specify each drive in an inclusion or exclusion rule by its drive letter assignment, you
may use a generic rule to target either All Fixed Drives or all Removable Drives.
Fixed Drive Usage: Replace the drive letter with F#.
Example: F#:\ instead of C:\ or D:\
The Fixed Drive rule can only be used within a Common Encrypted Folder policy, User Encrypted
Folder policy, and/or SDE policy.
Removable Drive Usage: Replace the drive letter with R#.
Example: R#:\ instead of F:\ or H:\
The Removable Drive rule can only be used within an Encryption External Media Encryption Rules
policy.
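The tie rules and generic drive statements above, modeled as an added example that is not taken from the product or its documentation. The rule tuples, the policy labels ("Common", "User", "SDE", "EEM"), DRIVES and RULES are constructed for illustration, and treating a matching exclusion from any applicable policy as prevailing is an assumption.

```python
# Simplified model of the tie and generic-drive rules described above.
# Rule tuples, policy labels and the drive inventory are constructed for this
# example; they are not the product's rule syntax.
FIXED_POLICIES = ("Common", "User", "SDE")  # tie order: Common > User > SDE
EEM = "EEM"                                 # Encryption External Media

DRIVES = {"C": "fixed", "D": "fixed", "E": "removable"}  # constructed inventory
RULES = [  # (policy, action, location), all constructed
    ("Common", "include", "F#:\\Shared"),
    ("User", "include", "C:\\Shared"),
    ("User", "include", "D:\\Work"),
    ("SDE", "include", "D:\\Work"),
    ("SDE", "include", "C:\\Temp"),
    ("SDE", "exclude", "C:\\Temp"),
    ("EEM", "include", "R#:\\Docs"),
    ("User", "include", "R#:\\Docs"),   # misuse: R# outside the EEM policy
]

def expand(location, drives):
    """Expand F#/R# into concrete drive letters; other locations pass through."""
    kind = {"F#": "fixed", "R#": "removable"}.get(location[:2])
    if kind is None:
        return [location]
    return [d + location[2:] for d, k in sorted(drives.items()) if k == kind]

def lint(rules):
    """Return rules that use a generic drive statement in the wrong policy."""
    return [r for r in rules
            if (r[2].startswith("F#") and r[0] not in FIXED_POLICIES)
            or (r[2].startswith("R#") and r[0] != EEM)]

def effective_policy(rules, location, drives):
    """Resolve the winning policy for one exact location, or None."""
    removable = drives.get(location[0].upper()) == "removable"
    included, excluded = set(), False
    for policy, action, loc in rules:
        if (policy == EEM) != removable:
            continue  # removable storage gets EEM only; fixed disks never do
        if location.lower() in (e.lower() for e in expand(loc, drives)):
            if action == "exclude":
                excluded = True  # assumption: any matching exclusion prevails
            else:
                included.add(policy)
    if excluded or not included:
        return None
    return EEM if removable else next(p for p in FIXED_POLICIES if p in included)
```

Running lint over a rule set before deployment surfaces generic drive statements placed in a policy where they cannot be used; effective_policy only compares exact locations and does not model sub-directory precedence.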
Remove System Data Encryption (SDE)
To completely decrypt SDE encrypted files, apply the following policies:
SDE Encryption Enabled = Not Selected
Encrypt Windows Paging File = Not Selected
Secure Windows Credentials = Not Selected
Remove HCA-Based Encryption
To remove hardware-based encryption, issue a policy of Hardware Crypto Accelerator (HCA) = Off.
Authentication
Authentication policies allow you to configure user experience and Windows authentication.