I am having trouble with the boot only option. I am running Endpoint Encryption 1.0.2 through the EPO.
I have successfully created a policy to encrypt all disks. My problem is that we have several users who connect eSATA external drives to their machines and I would like to avoid encrypting those.
I created a new subgroup and a policy to encrypt "Boot Only" , however, when a system is placed in that subgroup it decrypts all disks.
Is there an option I am missing?
no - you are caught in the KISS trap. an eSATA drive is not a removable drive as far as the OS is concerned, so EEPC encrypts it. But, with the "boot only" mode, you run the risk that if the machine is not booting off the primary partition (W7 etc) then the user partition gets decrypted.