Configuring a Write Action

You define the default settings for write access to storage devices in the Removable Media Write Access window. This action can let users:

• Create new files
• Copy or move files to devices
• Delete files from devices
• Change file contents on devices
• Change file names on devices

The default predefined write actions are:

Action	Description
Allow writing any data to storage devices	Users can write all file types to storage devices.
Encrypt business related data written to storage devices	All Files that are defined as Business related data must be written to the encrypted storage. Non-business related data can be saved to the device without encryption. See Configuring Business Related File Types.
Encrypt all data written to storage devices	All files written to a storage device must be encrypted. This includes both Business and Non-Business Related data.
Do not allow writing any data to storage devices	Users cannot write any file types to storage devices.
Do not allow writing any data to storage devices, allow user override	By default, users cannot write any file types to storage devices. But. UserCheck lets users override the policy and write to a storage device, after entering justification for the action.

You can define custom write actions as necessary. Your new custom actions are always available in addition to the default actions.

To configure a storage device Write Action:

1. Right-click a Write Access action and select Edit Properties.

   The Removable Media Access window opens.

2. Optional: Select a different action from the list.

   Click New to create a custom action.

3. Select one of these Storage device write access options:
   • Allow any data - Users can write all data types to storage devices.
   • Encrypt business related data - Users can write all data types to the storage devices. Only Business Related data must be encrypted.
   • Encrypt all data - Users can write all data types to storage devices. All data must be encrypted, including Non-Business Related data.
   • Block any data - Users cannot write to the storage devices.
4. Select one or more of these options:
   • Log device events - Select this option to create a log entry when a storage device is attached (Event IDs 11 and 20 only).

     Note: If you select the Do not log events option in the Media Encryption & Port Protection rule, log entries are not created even if the Audit device events option is selected in this window.

   • Allow encryption - Select this option to let users encrypt storage devices. If this option is cleared, no storage devices can be encrypted.

     Click Additional Encryption Options to configure additional encryption settings as necessary.

   • Enable deletion - Select this option to let users delete files on devices with read only permissions.
5. Configure these settings for User Overrides (UserCheck)
   • Allow user to override company policy - Lets users override the assigned policy by sending written justification to an administrator. Click Configure Message to create your own user message.

     Note - The Allow user to override company policy option is not supported for CD/DVD ROM devices.

6. If necessary, click Configure file types to define custom business related file types.

Related Topics Configuring Business Related File Types Creating a Custom User Message