Encrypt Removable Media

An administrator must add removable storage media to the database before encryption takes place. During encryption a unique cryptographic identifier is written to the device, which is then encrypted.

Prerequisites

For encryption to work successfully, the following conditions must be met:

  • Use Microsoft Windows Active Directory domains for:
    • Microsoft Windows 2003® R2
    • Microsoft Windows 2008®
    • Microsoft Windows Server 2012® R2
  • The administrator must have administrative rights for the computer where encryption takes place.
  • A Microsoft Certification Authority® is available and published.
  • An Ivanti Device and Application Control client is installed on the same computer as the Management Console where encryption takes place.
  • Attach the removable storage media to the client computer and use the Device Explorer to add the device to the database.

During encryption, a unique cryptographic identifier is written to the device, which is then encrypted.

  1. Connect the medium to the computer being used for encryption.
  2. In the Management Console, select View > Modules > Media Authorizer > Users by Medium tab.
  3. Click Add Removable.
    The Add Removable Media dialog opens.
  4. From the Drive drop-down list, select the letter corresponding to the drive you are encrypting.
  5. In the Description field, enter a free text description.
  6. In the Label field, enter a label (maximum 11 alphanumeric characters) that will be used after the medium is formatted.
  7. From the Encryption drop-down list, select one of the following options (each encryption method is followed by its description):

    Full & Slow (secure for existing data)

    • Encrypts the media and preserves any existing data stored on the device.
    • Encryption is applied to all free sectors of the media.
    • All data is encrypted.
    • Requires using the Stand-Alone Decryption tool (SADEC) for access to the media from non-Ivanti Device and Application Control computers.

    This method is the most secure for encryption and can be very slow.

    Quick Format (insecure for existing data)

    • Encrypts the media and removes all existing stored data.
    • All data stored on the device is erased.
    • Requires using the Stand-Alone Decryption tool (SADEC) for access to the media from non-Ivanti Device and Application Control computers.

    This quick encryption method is not recommended for media containing sensitive data.

    Easy Exchange (insecure for existing data)

    • Encrypts the media quickly and removes all existing stored data.
    • Allows access to the media from non-Ivanti Device and Application Control computers. The encryption is done in a single file or multiple files (depending on removable media capacity) using a FAT structure.

    Tip: When you encrypt media using the client (decentralized encryption) you may opt to retain existing data during encryption.

  8. Click OK.
    The removable storage medium is encrypted and added to the database.
