This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to disable the "Decrypt" option

We are just starting out to implement a removable media encryption policy within our organization.

One of the restrictions we need to place is not allow any "de-encryption" which is available by right-clicking the media file in windows exploere and selection option Encryption.

We have tried a few basic policy changes, but no success as yet.

 

Many thanks

ash



This thread was automatically locked due to age.
  • Hi Ash,

    this sounds like a topic for the SafeGuard Encryption forum.
    Therefore, I will move this topic.

    Best regards
    Stefan

  • Hi Ash,

    if you´re using the Data Exchange module for removable media encryption, it should be sufficient to set the Device Protection policy setting "User may decrypt files" to "No".
    This lets the context menu in place and the user is still able to check the encryption state of a file, trigger the encryption etc., only the "decrypt file" option is removed.


    If Synchronized Encryption is used, this cannot be handled using a policy. A workaround could be to remove the corresponding registry key.

    When you delete the following key, the complete File Encryption context menu is gone:

    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\FEShellx64


    It is a good idea to backup the key, in case you want to add the context menu again at a later point in time.

    You also have to consider that running a repair on the SGN client installer or upgrading to a newer version restores this key as well.

    Hope that helps.

    Cheers

    F.