About Encrypting Devices
You can use the Ivanti Device and Application Control client to encrypt devices from your computer, without the assistance of a network administrator.
You can use the client to perform the following tasks:
- Open portable media.
- Decrypt encrypted removable storage devices.
- Encrypt removable storage devices for Windows and passphrase users.
- Export an encryption key from a removable storage device to a file.
Encrypting CD/DVDs for Multiple Users
Using the Ivanti Device and Application Control client, you can encrypt CD/DVDs for multiple users from a client computer.
Prerequisites:
Insert a CD or DVD for encryption.
You may receive an encryption request notice regarding read/encrypt/write privileges, if the administrator enables the Encryption notification default option. For more information, see The Ivanti Device Control Options Page.
You can specify additional users by passphrase or by Windows® Active Directory. Advanced encryption options allow you to save or erase all existing data on the device. You may also select encryption options that determine whether the device can be used outside of the corporate network.
- Depending on your operating system, select Start > My Computer or Start > Computer.
  The My Computer page opens.
- Right-click the CD/DVD label name to encrypt.
  Step Result: The CD/DVD encryption shortcut menu opens.
- Click Create an Encrypted CD/DVD.
  The Secure Volume Browser dialog opens.
- Add the files to the CD/DVD that you want to encrypt.
- Right-click the CD/DVD label name for encryption.
  The CD/DVD encryption shortcut menu opens.
- Click Burn the CD/DVD.
  After retrieving information for the logged in user, the Add Passphrase dialog opens.
  Important: In the Name field, Primary User is preselected and shaded because you must enter the primary user password before proceeding.
- Type a password in the Password field, and retype the password in the Confirm field.
- Click OK.
  The Encrypt Medium dialog opens, showing the name of the logged in user and the Primary User passphrase user.
- Click Add.
  Options for adding users display.
  Important: At least one user who is allowed access to the encrypted device must be listed. For CD/DVD encryption, one passphrase user is required to be listed.
- Select one of the following options:

  Option | Description |
  ---|---|
  Passphrase user | Adds a user name with password access. |
  Windows user | Adds users or groups of users listed in your company directory. |

  These options depend upon your environment and configuration.
  Depending on the option you select, one of the following dialogs opens. If you select Passphrase user, the Add Passphrase dialog opens. If you select Windows user, the Select Users or Groups dialog opens.
- Perform one of the following steps.
  - To add a Passphrase user:
    - Type a user name in the Name field.
    - Type a Password in the corresponding field, and then retype the password to Confirm in the corresponding field.
    - Click OK.
      The user name is added to the list shown in the Encrypt Medium dialog.
  - To add a Windows user:
    - In the Enter the object names to select field, enter the names of the users to add to the list, using one of the following formats:

      Object Name | Example |
      ---|---|
      Display Name | FirstName LastName |
      UserName | User1 |
      ObjectName@DomainName | User1@Domain1 |
      DomainName\ObjectName | Domain\User1 |

    - To verify the object name, click Check Names.
      The object name is verified and underlined when correctly entered.
      If a valid digital certificate cannot be retrieved for the Windows user you are adding, you receive the following message in the Encrypt Medium dialog: No certificates found; user will not be added.
- When you finish adding users, click Next.
  The Burning Encrypted Media dialog opens.
  You may enter a volume label and/or choose to eject the CD/DVD when finished burning.
- Click Burn.
  Important: Anything shown in red will not be encrypted.
- When encryption is complete, click Close.

The CD/DVD is encrypted for the specified users. The encrypted CD/DVD automatically unlocks when inserted on a client computer. When inserting the encrypted CD/DVD on a non-client computer, the user is prompted to enter a password.
Managing Device Passwords
You can change and recover user passwords for an encrypted device from the Manage Device dialog of the client.
To manage device passwords for encrypted devices from your computer using the Windows Explorer:
- Depending on your operating system, select Start > My Computer or Start > Computer.
  The My Computer page opens.
- Right-click the name of the device listed under Devices with Removable Storage and select Managing Devices.
  The Manage Device dialog opens.
- Select a user from the list.
- Click Change.
  The Change Password dialog opens.
- Type your current password in the Old Password field.
- Type a new password in the Password field.
- Retype the new password in the Confirm field.
- Click OK.
  The Change Password dialog closes and you return to the Manage Device window.
- Click OK.
  You receive a confirmation message that the password change applies to your device.
Manage Device
You can change user passwords for encrypted devices from the Manage Device window.
- Click Unlock.
- In the Unlock Medium dialog, enter the password you used to encrypt the device.
  If the Support older product versions check box is displayed, and there are multiple Passphrase users on the device, you may select this option to use the new password to access the device on computers using older versions of Device Control.
- Select a User from the list shown.
- Click Change.
  The Change Password dialog opens.
- To change your password:
  - Type your Old Password in the field provided.
  - Type a new password in the Password field.
  - Retype the new password in the Confirm field.
- If you select Advanced Options, the shaded options show how the device was encrypted, as described in the following table.

  Option | Description |
  ---|---|
  Encrypted for portable use (128 GB limit) | Allows use of an encrypted device on any computer running Microsoft® Windows®. |
  Encrypted for internal use (2 TB limit) | Allows use of devices only inside your network on computers that are managed by Device Control. |

- Click OK.
  A confirmation message is sent indicating that the password change has been applied.
Unlocking Media
You can unlock an encrypted removable storage device attached to a computer running the client using Windows Explorer.
- Depending on your operating system, select Start > My Computer or Start > Computer.
  The My Computer page opens.
- Right-click the name of the device listed under Devices with Removable Storage.
- Select Unlock Medium.
  RTNotify sends a message to the user confirming that the device is unlocked.
- Click OK.
  The removable storage device is unlocked.
Opening Portable Media
You can open encrypted removable storage devices as portable media using Windows Explorer.
- Depending on your operating system, select Start > My Computer or Start > Computer.
  The My Computer page opens.
- Select the name of the device listed under Devices with Removable Storage.
- Right-click Open as Portable Media Device.
  The removable storage device is shown as open on the My Computer page.
Decrypting Media
Using the Ivanti Device and Application Control client, you can decrypt removable storage devices encrypted by Device Control.
Caution: Decrypting a medium is the same as formatting a medium and all data on the medium will be erased.
- Depending on your operating system, select Start > My Computer or Start > Computer.
  The My Computer page opens.
- Right-click the name of the device listed under Devices with Removable Storage.
- Select Decrypt Medium.
  The Ivanti Device and Application Control Decrypt Medium dialog opens.
  Attention: You may be prompted to enter a passphrase for a Passphrase User depending upon the users added when the medium was encrypted.
- Click OK.
  The removable storage device is decrypted.