Using the Encrypt Medium Utility
The Encrypt Medium utility provides a wizard that allows you to select encryption options to easily encrypt a removable storage device that can be used with or without a network connection.
Using the Encrypt Medium utility you can:
- Select an encryption access method that determines whether the removable storage device can be used inside (non-portable encryptions) or outside (portable encryption) of your corporate network.
- Assign user access for Windows® Active Directory users or password users.
- Save or erase existing data stored on the device.
- Securely erase unused space on the device.
- Upgrade the encryption on devices encrypted using a Citrix virtual endpoint.
The wizard pages that a user can access, based the Encrypt Medium utility configuration options, are described by the following process flow. See Setting Encrypt Medium Utility Options for additional information about using the default options that govern encryption.
1 Select Access Method
The Select Access Method page is available for non-portable and the combined portable-non-portable encryption access options that are configured by the network administrator as follows.
- The Microsoft CA Key Provider default option value is set to Disabled.
- The encryption permissions are set to Encrypt and Export to Media.
2 User Access to Device
The User Access page is not available when the non-portable encryption access options are configured by the network administrator as follows.
- The Microsoft CA Key Provider default option value is set to Disabled.
- The encryption permissions are set to Encrypt only.
3 Add Additional User
The Add User page is only available when a user can access the User Access to Device page.
4 User List
The User List page is only available when a user accesses the Add User page.
5 Data Integrity
The Data Integrity page is available as follows.
- Data must be stored on the removable storage device.
- The Encryption Retain Data default option set to Selected or Unselected.
- The user must have Read permission.
6 Secure Unused Space
The Secure Unused Space page is available as follows.
- The Clear unused space when encrypting default option set to Disabled.
7 Start Encryption
The Start Encryption page is always available to users in any encryption scenario.
- Setting Encrypt Medium Utility Options
The Encrypt Medium utility options that the user sees on the client are governed by the Device Control default options set by the administrator. - My Computer Page
You launch the Encrypt Medium utility from the Windows My Computer page. - Select Access Method Page
The Select Access Method page provides options for encrypting devices based on device volume size. - User Access to Device Page
The User Access to Device page allows you to specify a user name and password to provide easy access to the encrypted device. - Add User Page
The Add Additional User page allows you to add users by user types that can access the encrypted device. - User List Page
The User List page provides the opportunity to review the user access list and add other users as necessary. - Data Integrity Page
The Data Integrity page provides options to save or delete files during the encryption process that are currently stored on the device. - Secure Unused Space Page
The Secure Unused Space page provides the option to permanently erase files and securely remove data from unused sectors on the device to prevent unauthorized data recovery. - Start Encryption Page
The Start Encryption page shows a summary of the users and encryption method options selected for encrypting the specified device.