Another thing my boss would like me to implement is multiple policies regarding the FRP when dealing with externally connected USB devices. In particular, he would like the following:
1) If people connect their smartphones to their laptops , he does not want them to be encrypted. Is there a way of forcing smartphones to be seen as read only USB storage, or is the Mcafee FRP not sophisticated enough to distinguish storage on USB connected Android or Windows smart phones, and do this?
2) It takes several minutes to encrypt a USB drive that is just 8GB in size. Obviously, you can get USB drives that are vastly larger. Is it possible to have different policies depending on the size of the USB disk? What I have in mind is that drives over 64GB will just be blocked from being writable for most people, with a secondary policy that will allow large USB disks to be writable / encrypted for a few individuals e.g. web developers.