Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureData Guardian

281

282

283

284

285

286

287

288

289

290

Manage Policies

274

To configure additional file types to be encrypted:

1. In the left pane, click Populations > Enterprise, enable the Protected Office Documents

policy.

2. In the Data Guardian > Windows technology group, enable the Basic File Protection policy.

Note: This policy applies to the Enterprise population only. Also, if you enable Allow File

Exclusions, users must remove files from the Unprotected Documents folder for these file types

to be swept and encrypted.

3. In Windows technology group’s Basic File Protection Configuration policy field, enter an

application that you want to be encrypted, followed by a colon, for example:

notepad.exe:

4. After the colon, add the file extensions that is encrypted and any processes needed to support

that application. Here are some sample configuration strings that Dell has certified. Only add

essential extensions to prevent performance issues.

wordpad.exe:rtf.odt.txt.png.jpg.csv.bmp

notepad.exe:txt.csv

visio.exe:vsdx.png.jpg.jpeg.jpe.jfif.gif.tif.tiff.bmp

mspaint.exe:png.jpg.jpeg.jpe.jfif.gif.tif.tiff.bmp

sihost.exe:png.jpg.jpeg.jpe.jfif.gif.tif.tiff.rtf.txt.bmp

microsoft.photos.exe:png.jpg.jpeg.jpe.jfif.gif.tif.tiff.bmp

5. For Mobile, copy the extensions from the Windows policy to the Enterprise > Mobile Client >

Basic File Protection Configuration policy. The file extensions in the Mobile policy must

match Windows.

Basic File Protection policy and operating systems

• Windows and Mac: When the policy is enabled, these files are swept and Data Guardian

encrypts all local files with those extensions. Files encrypted with Basic File Protection can only

be viewed and edited using the application associated with the file extension. Mac requires

Force-Protected mode.

• Web Portal: If the Edit Permission policy is enabled for web portal, users can edit them.

Some folders are excluded from Windows’ Basic File Protection sweep and files are not encrypted:

• AppData

• Some System folders

• Folders that relate to protected Office documents, such as the Secure Documents folder

6. If applicable, add these workflows to the policy lists:

• NoRename - add this for Office applications to ensure that if users open them, they

can only save them as an Office file, not as a Basic File Protection file. Here are some

examples:

winword.exe:NoRename.odt.txt.png.jpg.csv.rtf.jpeg.jpe.jfif.gif.tif.tiff.bmp

excel.exe:NoRename.png.jpg.csv.jpeg.jpe.jfif.gif.tif.tiff.bmp

powerpnt.exe:NoRename.png.jpg.jpeg.jpe.jfif.gif.tif.tiff.bmp