Encryption settings

Accessing the settings

  • From the top menu, select Settings. From the side menu, select Encryption.

  • Click the Add button. The settings page opens.

Required permissions

Permission Access type

Configure computer encryption

Create, edit, delete, copy, or assign encryption settings profiles.

View computer encryption settings

View encryption settings profiles.

Permissions required to access the encryption settings

Cytomic Encryption settings

Encrypt all hard disks on computers

Specify whether the computers will be encrypted or not. Depending on the previous status of a computer, the way that Cytomic Encryption behaves varies:

  • If a computer is encrypted with Cytomic Encryption and you disable Encrypt all hard disks on computers, all encrypted drives are decrypted.

  • If a computer is encrypted with a product other than Cytomic Encryption, and you disable Encrypt all hard disks on computers, there are no changes.

  • If a computer is encrypted with a product other than Cytomic Encryption, and you enable Encrypt all hard disks on computers, the internal encryption settings are adjusted to match the encryption methods supported by Cytomic Encryption, thereby avoiding re-encrypting the drive. For more information, see Encryption of previously encrypted drives.

    With macOS computers, a new recovery key is generated. See Encryption and decryption on macOS computers

  • If a computer is not encrypted, and you enable Encrypt all hard disks on computers, all the computer drives are encrypted. See Encryption and decryption on Windows computers and Encryption and decryption on macOS computers.

Ask for password to access the computer (Windows computers)

Enable password authentication when a computer or device starts. Depending on the platform and whether there is TPM hardware, two types of passwords are permitted:

  • Computers with TPM: Require a PIN type password.

  • Computers without TPM: Require a passphrase.

If you disable this option and the computer does not have access to a compatible TPM security processor, the disks are not encrypted.

Do not encrypt computers that require a USB drive for authentication (Windows computers)

To prevent the use of USB devices supported by Cytomic Encryption in authentication, you can disable them.

Only Microsoft Windows 7 without TPM can use USB authentication. If you disable USB devices, these computers are not encrypted.

Encrypt used disk space only (Windows computers)

To minimize the encryption time, enable Encrypt used disk space only to only encrypt sectors of the hard disk that are used. Sectors released after a file is deleted remain encrypted, but the space that was free before encryption of the hard disk remains unencrypted. It will be accessible to third parties with tools to recover deleted files.

Prompt for removable storage drive encryption (Windows computers)

When a user inserts an unencrypted removable drive in a computer that has Microsoft BitLocker technology enabled, they receive a prompt to encrypt its contents. For more information about this setting, see Encrypting and decrypting external hard drives and USB drives.