You have a computer that runs Windows 7. You need to prevent users from copying unencrypted
files to removable drives. What should you do?
A.
From the Trusted Platform Module (TPM) snap-in, initialize TPM.
B.
From Control Panel, modify the BitLocker Drive Encryption settings.
C.
From a local Group Policy, modify the BitLocker Drive Encryption settings.
D.
From a local Group Policy, modify the Trusted Platform Module (TPM) settings
Explanation:
How can I prevent users on a network from storing data on an unencrypted drive?
In Windows 7, you can enable Group Policy settings to require that data drives be
BitLockerprotected before a BitLocker-protected computer can write data to them. The policy
settings you use for this are:
Computer ConfigurationAdministrative TemplatesWindows ComponentsBitLocker Drive
EncryptionFixed Data DrivesDeny write access to fixed drives not protected by BitLocker
Computer ConfigurationAdministrative TemplatesWindows ComponentsBitLocker Drive
EncryptionRemovable Data DrivesDeny write access to removable drives not protected by
BitLocker
When these policy settings are enabled, the BitLocker-protected operating system will mount any
data drives that are not protected by BitLocker as read-only.
If you are concerned that your users might inadvertently store data in an unencrypted drives while
using a computer that does not have BitLocker enabled, use access control lists (ACLs) and Group
Policy to configure access control for the drives or hide the drive letter.