Encryption Policies

The following table explains the policies governing how encryption is handled on File Encryption devices.

Table 1. File Encryption Encryption Policy Descriptions

Policy Name


Value Range and Default

Allow Secure Delete

Specify whether to allow the user to delete files.

Yes, No

Default: Yes

Disable Optical Drive

Disable access to CD or DVD drives.

Yes, No

Default: No

Encryption Key Used

  • User Key: choose a key unique to the user.

  • Group Key: choose a key unique to the group, so all users in the group will also have access to files.

  • Enterprise Key: choose a key unique to the enterprise, so all users in the enterprise will also have access to files.

User Key, Group Key, Enterprise Key

Default: Group Key

Encryption Method Allowed

Choose which allowable ways to encrypt files are allowed:

  • User Key

  • Group Key

  • User-created password

  • Digital Certificates

User’s Unique Key, Group Unique Key, Encrypt With Static Password, Encrypt With Certificate

Default: All

Removable Media

Specify settings for USB devices.

Enable, Disable

Default: Disable

Allowed USB Devices

Specify permitted USB devices.

Any, KeyArmor

Default: Any

Disable USB Drive

Disable the USB drive when not logged in, always disable, and never disable drive.

Always, Logged Out, Never

Default: Logged Out

Folders to Encrypt on Removable Media

The drive letter is given and the policy value corresponds to a valid removable media device. Non-existent folders are created. If no drive letter is given then all removable media devices attached to the device at login will use the policy values.

1-255 characters

Default: N/A

Fully Encrypt Device

Specify whether all files/folders on removable media are encrypted.

Yes, No

Default: No

Specify Folders to Encrypt

List the folders that will be encrypted on the hard drive. Non-existent folders are created. A valid drive letter to the hard drive must also be supplied. A valid policy value is: C:\EncryptedFolder.

1-255 characters

Default: %DESKTOP%\Encrypted Files