Site Actions control when to allow or prevent access to encrypted devices that were encrypted by different Endpoint Security Management Servers. Each Endpoint Security Management Server (known as a Site) has a Universally Unique Identifier (UUID). When you encrypt a storage device on an Endpoint Security client, the Endpoint Security Management Server UUID is written to the device. The Site action can prevent access to devices encrypted on a different Endpoint Security Management Server or from another organization. The Site action is enabled by default.
When a user attaches a storage device, Media Encryption & Port Protection makes sure that the UUID on the device matches the UUID of the Endpoint Security Management Server or of another trusted Endpoint Security Management Server. If the UUIDs match, the user can enter a password to access the device. If the UUIDs do not match, access to the device is blocked.
This table shows what occurs when you insert an encrypted device into a client that is connected to an Endpoint Security Management Server and the policy allows read access. The Endpoint Security Management Server that the device was encrypted with is referred to as "the encrypting Endpoint Security Management Server".
| The client is connected to: | Action |
|---|---|
| The encrypting Endpoint Security Management Server | User can access automatically or enter a password for access. |
| A different trusted Endpoint Security Management Server | User can enter a password for access. |
| A non-trusted Endpoint Security Management Server | User cannot access the device. |
Media Encryption Site actions are part of the Media Encryption & Port Protection Policy. This predefined action is enabled by default. You can change this action or create your own custom actions.
| Action | Description |
|---|---|
| Allow access to media encrypted at current site only | Media Encryption Site (UUID) verification is enabled. Endpoint Security clients can only access encrypted devices that were encrypted by the same Endpoint Security Management Server. If you add Endpoint Security Management Servers to the table below, they are considered trusted and devices encrypted on those servers are allowed also. |
To allow access to devices encrypted on other trusted Endpoint Security Management Servers:
To allow access to devices encrypted on this Endpoint Security Management Server from other Endpoint Security Management Servers:
To disable Media Encryption sites:
This creates a new site action.
When Media Encryption Sites is disabled, Endpoint Security clients can access storage devices that were encrypted by all Endpoint Security Management Servers.