Dell Data Protection. Encryption. How to Encrypt CDs or DVDs with EMS and PCS Policies. Introduction. This tip describes setting your encryption policies to encrypt CD or DVD media using External Media Shield and Port Control System policies. It requires the EMS product is installed and available via the Remote Management Console. Once configured, CDs and DVDs can only be written in Universal Disk Format and using encryption.
Note: These settings will also force the encryption of all other external media. Refer to the product documentation for complete details and best practices. Process Overview: EMS policies can be set at the "Enterprise", "Domain", "User Group", or "User" levels.
CD/DVD optical drives are managed under the "Windows Encryption" policy category, "Removable Storage" policies. PCS policies can be set at the "Enterprise", "Endpoint Group", or "Endpoint" level. CD/DVD devices are managed with Optical Drive Control in the Storage Class. EMS and PCS policy changes take effect when the endpoints receive a policy update.
Policy Settings Example. Open the Remote Management Console for Dell data protection encryption. Removable Storage policy configuration settings may be applied at various levels: Enterprise, "Domain", "User Groups", or "Users". This example will set EMS policies at the "Domain" level. Select the "Windows Encryption" Policy Category.
Then expand the "Removable Storage" section to reveal its settings. Set EMS Encrypt External Media to "true". This policy setting is the master policy for all Removable Storage policies. A "false" value means that no encryption of Removable Storage takes place, regardless of any other policy values.
A "true" value means that all Removable Storage encryption policies are enabled. Set "EMS Exclude CD/DVD Encryption" to "false". Setting this to "false" allows CD/DVD devices to be encrypted. Set "EMS Access to unShielded Media" to "Read Only". Choosing either "Read Only" or "Full Access" allows you to decide what removable storage to encrypt.
When done with these changes, click "Save" at the bottom. PCS policies can be set at the "Enterprise", "Endpoint Group", or "Endpoint" levels. Locate the PCS "Policy Settings" screen. In our example, this is in "Endpoint Groups". Again, we need to select the "Windows Encryption" Policy Category.
Then expand the "Port Control System" section to reveal its settings. Ensure the "Class Storage" policy is enabled. This is necessary for the next setting to take effect and is usually "true" by default. Set the PCS policy "Subclass Storage: Optical Drive Control" to "UDF Only".
This forces CD/DVD media to be written in Universal Disk Format with encryption. When done with these changes, click "Save" at the bottom. Again, EMS and PCS policy changes take effect when the endpoints receive a policy update. This concludes the tip on how to configure EMS and PCS policies to enforce encryption for CD and DVD removable media. For additional information contact Dell ProSupport at www.dell.com/support
Thank you.