The following procedure explains the configurable options for policy rules affecting File Encryption devices.
See Creating a Policy.
The File Encryption policy rules settings appear.
User key: Use a unique key for each Endpoint Encryption user. Only the Endpoint Encryption user can decrypt files that he or she encrypted.
Policy key: Use a unique key for each policy. Only Endpoint Encryption users and devices in the policy can decrypt files.
Enterprise key: Any Endpoint Encryption user or device in the Enterprise can decrypt the files.
Selecting Policy key or Enterprise key controls the sharing for the File Encryption shared key. For more information, see File Encryption Actions.
Select Disable optical drives to control whether removable media is accessible from the endpoint.
Select Encrypt all files and folders on USB devices to automatically encrypt all the files and folders on removable drives when plugged into the endpoint.
Select Specify the file path to encrypt on USB devices to add or remove encrypted folders to USB drives. If a folder does not exist, it is created. If no drive letter is specified, all USB devices are affected.