How can I prevent users on a network from storing data on an unencrypted drive?
In Windows 7, you can enable Group Policy settings to require that data drives be BitLocker-protected before a BitLocker-protected computer can write data to them. The policy settings you use for this are: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\Deny write access to fixed drives not protected by BitLocker Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\Deny write access to removable drives not protected by BitLocker When these policy settings are enabled, the BitLocker-protected operating system will mount any data drives that are not protected by BitLocker as read-only. If you are concerned that your users might inadvertently store data in an unencrypted drives while using a computer that does not have BitLocker enabled, use access control lists (ACLs) and Group Policy to configure access control for the drives or hide the drive letter. For additi
Related Questions
- In both cases, the ".mde" file must reside on the network server or on a shared drive with the appropriate users given read / write permissions. See also What should I download?
- How can I prevent users on a network from storing data on an unencrypted drive?
- Can multiple users search keywords or annotations in images on a network drive?
