ZENworks® ESM 3.5 Administrator’s Manual 99
Determine what levels of encryption will be permitted by this policy:
• Enable “Safe Harbor” encrypted folder for fixed disks
This generates a folder at the root of all fixed disk drives on the endpoint, named
“Encryption Protected Files.” All files placed in this folder, will be encrypted and
managed by the ZENworks Security Client. Data placed in this folder is automatically
encrypted and can only be accessed by authorized users on this machine.
The folder name can be changed by clicking in the Folder Name field, highlighting the
current text, and entering the name you desire.
WARNING
Before disabling data encryption, ensure that all data stored in this folder has been extracted by the user
and stored in another location.
• Enable encryption for removable storage devices
All data written to removable storage devices from an endpoint protected by this pol-
icy will be encrypted. Users with this policy on their machines will be able to read the
data, therefore file sharing via removable storage device within a policy group is avail-
able. Users outside this policy group will not be able to read the files encrypted on the
drive, and will only be able to access files within the Shared Files folder (if activated)
with a provided password.
• Allow user password protected folder
This setting gives the user the ability to store files in a Shared Files folder on the
removable storage device (this folder will be generated automatically when this setting
is applied). The user can specify a password when files are added to this folder, which
is then used by users who are not in the current policy group to extract the files.
The folder name can be changed by clicking in the Folder Name field, highlighting the
current text, and entering the name you desire.
WARNING
Before disabling data encryption, ensure that all data stored on removable storage devices has been
extracted by the user and stored in another location.
• Force client reboot when required
When encryption is added to a policy, it will not become active until the endpoint is
rebooted. This setting forces the required reboot by displaying a countdown timer,
warning the user that the machine will reboot in “x” seconds. The user has that amount
of time to save their work before their machine reboots.
Reboots are recommended when encryption is first activated in a policy, and when
either “Safe Harbor” or removable storage encryption is activated (if activated sepa-
rately from encryption activation).
