Settings for enforced encryption
The default enforced encryption rule is always available. If required, you can create additional rules for specific logged-on users, groups, computers or networks. See the Use cases for more information.
When editing the first encryption rule, a description is already entered on the General tab. Add a comment and your own text, which is displayed in the user selection dialog.
On the Settings tab you can use the default settings or select the following options:
- Use administrative password. Don’t prompt user: If you enable this option, the storage device will be encrypted with the administrative password only. Users are not prompted to enter their own password during encryption.
- Prompt user for encryption password: This setting prompts the user for their own password.
- Use random password: With this option, a random password is generated but not saved. To allow unlocking, add the corresponding users or computers on the Automatic unlock user or Automatic unlock computer tab. Please note that these can only be added from the AD inventory.
  This option requires that you have set an administrative password in the Encrypted drive recovery rules.
- Encryption: Select the appropriate encryption method. Please note the following:
  - The default option is AES (256 bit key length).
  - Select AES (128 bit key length) if compatibility with older systems is critical for you.
  - AES-XTS (128 or 256 bit key length) encryption methods are only available for Windows 10 1511 and higher. Drives encrypted with AES-XTS cannot be accessed on older versions of Windows.