Environment: EEFFv4.2 running on ePO 4.6.6. EEFF itself running on Win7 Pro SP1 32-bit.
I am new to EEFF, and currently have version 4.2 deployed on a lab Win7 VM host running in VMWare Workstation. With respect to the 'Removable Media (UBP)' category I have tested the following protection levels via Policy Assignment Rules:
Allow Encryption (with offsite access): When policy is assigned, I copied an exe from USB to local disk, and vice versa successfully
Enforce Encryption (with offsite access): When policy is assigned, user was forced to encrypt with a password (if user didnt, device was then Read Only). Files could then be copied from USB to local disk and vice versa. When USB inserted into another host, password had to be entered before files were accessible.
Enforce Encryption (on site access only): Encryption key set to 'Key1' and 'ignore existing content' selected. I also ensured that the 'Grant Keys (UBP)' policy assigned included this Key. It was a regular key created in EEFF Keys. This was slightly problematic - nothing seemed to happen when USB was connected. I could then copy files from USB, but when trying to copy a file to the USB, I received the error below.
- EEFF v4.2 Product Guide p18 advises that when 'allow encryption (with offsite access)' is selected, no further unencrypted data can be written to the device. This differs to what I have noted, as I could still write unencrypted files to the USB device. Are my results expected?
- Same Product Guide page advises that when 'enforce encryption (onsite access only)' is selected, EEFF encrypts the files and folders with the selected key while copying to the USB device. As I have selected a key, and that key has been granted to the user, I am not sure if there are any further steps I need to take or if this is another issue - thoughts?
- In EEFF console, when I am testing 'enforce encryption (onsite access only)', the status report shows the following:
- Available Keys: <none>
- Removable Media Policies: Allow unprotected access
This remains the same even when assigning 'enforce encryption (with offsite access)' - I know the correct policy is assigned as I get prompted to encrypt (and if I dont, the device is read only).
Does the EEFF console only reflect the policy that is assigned to the system itself in ePO? If so, this potentially makes troubleshooting a little irksome!
As said, I am new to this, so there may be steps I am missing. I cant seem to find anything more to help me in either the Product Guide or the ePO help files. I have just seen DOC-4473 (EEFF 4.2 POC Guide) so will have a wee gander through that also!