Offline Access Actions

You can select one of these predefined actions to define encryption behavior for storage devices:

You can change the settings of these predefined actions and create new custom Offline Access to Media actions.

Custom Offline Access Settings

You can define custom offline access actions that include these settings:

Encryption Settings

Setting

Description

Allow user to choose owner during encryption

Lets users manually define the device owner before encryption. This lets users create storage devices for other users. By default, the device owner is the user who is logged into the endpoint computer. The device owner must be an Active Directory user.

Allow user to change size of encrypted media

Lets users change the percentage of a storage device that is encrypted. The percentage cannot be lower than Minimum percentage of media capacity used for encrypted storage or Default percentage of media capacity used for encrypted storage. See also Configuring Encryption Container Settings.

Allow users to remove encryption from media

Lets users decrypt storage devices.

Allow user to upgrade from legacy drives

Lets users upgrade storage devices that were encrypted by File Encryption version R73.

When encrypting, Non-Business Related Data will be:

Select one of these actions for existing data on a storage device upon encryption:

  • Copied to encrypted section - Non-Business Related data is encrypted and moved to the Business Related (encrypted) storage device.

    We recommend that you back up Non-Business Related data before encryption to prevent data loss if the encryption fails. For example, this can occur if there is insufficient space on the device.
  • Deleted - Non-Business related data is deleted.
  • Untouched - Non-Business Related data is not encrypted or moved.

Secure format media before encryption

Run a secure format before encrypting the storage device. Select the number of format passes to do before the encryption starts.

Change device name and icon after encryption

When selected, after the device is encrypted, the name of the non-encrypted drive changes to Non Business Data and the icon changes to an open lock.

When cleared, the name of the non-encrypted drive and the icon do not change after the device is encrypted.

Offline Access Settings

| Setting | Description |
| --- | --- |
| Password protect media for access in offline mode | Lets users assign a password to access a storage device from a computer that is not connected to an Endpoint Security Management Server. Users can also access the storage device with this password from a non-protected computer. |
| Allow user to recover their password using remote help | Lets users recover passwords using remote help. |
| Copy utility to media to enable media access in non-protected environments | Copies the Explorer utility to the storage device. This utility lets users access the device from computers that are not connected to an Endpoint Security Management Server. |
| Protect media with password for read-only access in offline mode | Lets users assign a different password that gives read-only access to a storage device. |
| Allow user to change read-only password | Lets users change a previously defined read-only password. |

Configuring Encryption Container Settings

Configure options for setting the encrypted space on storage devices.

To configure encryption settings for users on storage devices:

  1. In the SmartEndpoint Policy tab, select a Media Encryption & Port Protection rule.
  2. Clone the Offline access to encrypted storage devices action.
  3. In the cloned action, under Allow offline access to encrypted storage devices, select Allow user to change the size of encrypted media.
  4. Set the Minimum percentage and Default percentage of free space - how much of the device's free space can be used.

    Or set the Minimum percentage and Default percentage of media capacity - how much of the device's total capacity can be used.

To force encryption of all media:

  1. Do not select Allow user to change the size of encrypted media.
  2. Set the Minimum percentage and Default percentage of media capacity to 100.

Password Constraints for Offline Access

In the Properties of the Offline Access action, click Configure password constraints to set the requirements for passwords used to access encrypted devices.

These Actions define the requirements for user passwords for Media Encryption & Port Protection:

Action

Description

Use Windows password complexity

The standard Windows password requirements are enforced. The password must:

  • Have at least six characters
  • Have characters from at least 3 of these categories: uppercase, lowercase, numeric characters, symbols.

Use custom password complexity

If you select this, select the requirements for which type of characters the password must contain or not contain.

Double-click an action to edit the properties:

Option

Description

Use custom requirements

If you select this, select the requirements for which type of characters the password must contain or not contain:

  • Consecutive identical characters, for example, aa or 33
  • Require special characters. These can be: ! " # $ % & ' ( ) * + , - . / : < = > ? @ {
  • Require digits, for example 8 or 4.
  • Require lower case characters, for example g or t.
  • Require upper case characters, for example F or G.
  • Password must not contain user name or full name.

Minimum length of password

Enter the minimum number of characters for a valid password.

Password can be changed only after

Enter the minimum number of days that a password must be valid before the user can change it.

Password expires after

Enter the maximum number of days that a password can be valid before the user must change it.

Number of passwords

Enter the minimum number of password changes needed before a previously used password can be used again.
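
The character rules above can be checked against candidate passwords before a policy is rolled out. This is an added example, not Check Point code: the function names and sample values are hypothetical, all custom options are treated as enabled, and the handling of consecutive identical characters and of name matching is an assumption marked in the comments.

```python
import re

# Special characters exactly as listed for "Require special characters" above.
SPECIAL = set("!\"#$%&'()*+,-./:<=>?@{")


def categories(password):
    """Character categories present: uppercase, lowercase, numeric, symbols."""
    found = set()
    for ch in password:
        if ch.isupper():
            found.add("uppercase")
        elif ch.islower():
            found.add("lowercase")
        elif ch.isdigit():
            found.add("numeric")
        else:
            found.add("symbol")
    return found


def meets_windows_complexity(password):
    """At least six characters and at least 3 of the 4 categories."""
    return len(password) >= 6 and len(categories(password)) >= 3


def custom_violations(password, user_name, full_name, min_length):
    """Return the custom requirements the password fails (all options enabled)."""
    failed = []
    if len(password) < min_length:
        failed.append("minimum length")
    # Assumption: the option is applied as a ban on repeats such as aa or 33.
    if re.search(r"(.)\1", password):
        failed.append("consecutive identical characters")
    if not any(ch in SPECIAL for ch in password):
        failed.append("special character")
    if not any(ch.isdigit() for ch in password):
        failed.append("digit")
    if not any(ch.islower() for ch in password):
        failed.append("lower case character")
    if not any(ch.isupper() for ch in password):
        failed.append("upper case character")
    # Assumption: names are matched as whole strings, ignoring case.
    lowered = password.lower()
    if any(n and n.lower() in lowered for n in (user_name, full_name)):
        failed.append("contains user name or full name")
    return failed
```

The password age and history options (Password can be changed only after, Password expires after, Number of passwords) depend on stored state and are not modelled here.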

Media Lockout Settings

You can configure Media Encryption & Port Protection to lock a device after a specified number of unsuccessful login attempts.

Select one of these Actions to define if and when user accounts are locked:

| Action | Description |
| --- | --- |
| Do not lock out storage device upon failed authentication | Users are not locked out of a device if they try to log on unsuccessfully. This setting is not recommended. |
| Temporarily lock storage device upon failed authentication attempts | After a configured number of failed logon attempts (the default is 5), the device is temporarily locked. |
| Permanently lock storage device upon failed authentication attempts | After a configured number of failed logon attempts (the default is 10), the device is permanently locked. |

Right-click an Action to edit the properties. You can also create custom device Lock actions.