You can select one of these predefined actions to define encryption behavior for storage devices:
You can change the settings of these predefined actions and create new custom Offline Access to Media actions.
You can define custom offline access actions that include these settings:
Encryption Settings
Setting | Description |
---|---|
Allow user to choose owner during encryption | Lets users manually define the device owner before encryption. This lets users create storage devices for other users. By default, the device owner is the user who is logged into the endpoint computer. The device owner must be an Active Directory user. |
Allow user to change size of encrypted media | Lets users change the percentage of a storage device that is encrypted, not to be lower than Minimum percentage of media capacity used for encrypted storage or Default percentage of media capacity used for encrypted storage. Also see Configuring Encryption Container Settings. |
Allow users to remove encryption from media | Lets users decrypt storage devices. |
Allow user to upgrade from legacy drives | Lets users upgrade storage devices that were encrypted by File Encryption version R73. |
When encrypting, Non-Business Related Data will be: | Select one of these actions for existing data on a storage device upon encryption: |
Secure format media before encryption | Run a secure format before encrypting the storage device. Select the number of format passes to do before the encryption starts. |
Change device name and icon after encryption | When selected, after the device is encrypted, the name of the non-encrypted drive changes to Non Business Data and the icon changes to an open lock. When cleared, the name of the non-encrypted drive and the icon do not change after the device is encrypted. |
Offline Access Settings
Setting | Description |
---|---|
Password protect media for access in offline mode | Lets users assign a password to access a storage device from a computer that is not connected to an Endpoint Security Management Server. Users can also access the storage device with this password from a non-protected computer. |
Allow user to recover their password using remote help | Lets users recover passwords using remote help. |
Copy utility to media to enable media access in non-protected environments | Copies the Explorer utility to the storage device. This utility lets users access the device from computers that are not connected to an Endpoint Security Management Server. |
Protect media with password for read-only access in offline mode | Lets users assign a different password that gives read-only access to a storage device. |
Allow user to change read-only password | Lets users change a previously defined read-only password. |
Configure options for setting the encrypted space on storage devices.
To configure encryption settings for users on storage devices:
Or set the Minimum percentage and Default percentage of media capacity - how much of the device's total capacity can be used.
To force encryption of all media:
In the Properties of the Offline Access action, click Configure password constraints to set the requirements for passwords used to access encrypted devices.
These Actions define the requirements for user passwords for Media Encryption & Port Protection:
Action | Description |
---|---|
Use Windows password complexity | The standard Windows password requirements are enforced: The password must: |
Use custom password complexity | If you select this, select the requirements for which type of characters the password must contain or not contain. |
Double-click an action to edit the properties:
Option | Description |
---|---|
Use custom requirements | If you select this, select the requirements for which type of characters the password must contain or not contain: |
Minimum length of password | Enter the minimum number of characters for a valid password. |
Password can be changed only after | Enter the minimum number of days that a password must be valid before the user can change it. |
Password expires after | Enter the maximum number of days that a password can be valid before the user must change it. |
Number of passwords | Enter the minimum number of password changes needed before a previously used password can be used again. |
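
How the length, minimum-age, expiry and history options above interact when a user asks to change a media password, as an added Python model (not Check Point code). The class and field names, the default values and the PBKDF2 storage of previous passwords are assumptions made for the illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Constraints:
    """Hypothetical names for the four options in the table above."""
    min_length: int = 8      # Minimum length of password
    min_age_days: int = 1    # Password can be changed only after
    max_age_days: int = 90   # Password expires after
    history: int = 3         # Number of passwords

@dataclass
class MediaPassword:
    """Model state: only salted hashes are kept, never the passwords."""
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    hashes: list = field(default_factory=list)  # oldest first
    changed_at: Optional[datetime] = None

    def digest(self, pw: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), self.salt, 100_000)

def is_expired(state, c, now):
    """True once the current password is older than the maximum age."""
    return state.changed_at is not None and \
        now - state.changed_at > timedelta(days=c.max_age_days)

def change_password(state, c, new_pw, now):
    """Apply the constraints to a change request; return (accepted, reason)."""
    if len(new_pw) < c.min_length:
        return False, "too short"
    # Minimum age stops a user cycling through the history in one sitting.
    if state.changed_at is not None and \
            now - state.changed_at < timedelta(days=c.min_age_days):
        return False, "changed too recently"
    d = state.digest(new_pw)
    # Assumption: history=N means N other passwords must come in between.
    recent = state.hashes[-c.history:] if c.history > 0 else []
    if any(hmac.compare_digest(d, old) for old in recent):
        return False, "reused"
    state.hashes.append(d)
    state.changed_at = now
    return True, "ok"
```

With a minimum age of 0 days the history check alone can be defeated by changing the password several times in a row, which is why the two options are normally set together.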
You can configure Media Encryption & Port Protection to lock a device after a specified number of unsuccessful login attempts:
Select one of these Actions to define if and when user accounts are locked:
Action | Description |
---|---|
Do not lock out storage device upon failed authentication. | Users are not locked out of a device if they try to log on unsuccessfully. This setting is not recommended. |
Temporarily lock storage device upon failed authentication attempts | After a configured number of failed log on attempts (the default is 5), the device is temporarily locked. |
Permanently lock storage device upon failed authentication attempts | After a configured number of failed log on attempts (the default is 10), the device is permanently locked. |
Right-click an Action to edit the properties. You can also create custom device Lock actions.