You have a computer that runs Windows 7. You need to prevent users from copying unencrypted files to removable drives.
What should you do?
A.
From the Trusted Platform Module (TPM) snap-in, initialize TPM.
B.
From Control Panel, modify the BitLocker Drive Encryption settings.
C.
From a local Group Policy, modify the BitLocker Drive Encryption settings.
D.
From a local Group Policy, modify the Trusted Platform Module (TPM) settings.
Explanation:
How can I prevent users on a network from storing data on an unencrypted drive?
In Windows 7, you can enable Group Policy settings to require that data drives be BitLocker-protected before a BitLocker-protected computer can write data to them. The policy settings you use for this are:
- Computer ConfigurationAdministrative TemplatesWindows ComponentsBitLocker Drive EncryptionFixed Data DrivesDeny write access to fixed drives not protected by BitLocker
- Computer ConfigurationAdministrative TemplatesWindows ComponentsBitLocker Drive EncryptionRemovable Data DrivesDeny write access to removable drives not protected by BitLocker
When these policy settings are enabled, the BitLocker-protected operating system will mount any data drives that are not protected by BitLocker as read-only.
If you are concerned that your users might inadvertently store data in an unencrypted drives while using a computer that does not have BitLocker enabled, use access control lists (ACLs) and Group Policy to configure access control for the drives or hide the drive letter.