Applies To: WatchGuard Full Encryption
Full Encryption enables you to centrally configure encryption of the computers in your network.
To configure encryption:
- In WatchGuard Cloud, select Configure > Endpoints.
- Select Settings > Encryption.
- To create and configure encryption options, click Add. For more information, see Encryption Settings.
- Add the recipients (computers or groups of computers) you want to assign the new settings profile to. For more information, see Assign a Settings Profile.
In the default encryption settings profile, the Encrypt all hard disks on computers and the Encrypt used disk space only options are disabled.
Encrypt All Hard Disks on Computers
When you enable the Encrypt all hard disks on computers option:
- All hard disks found on your computers will be encrypted.
- Any computer that was already encrypted will receive the encryption settings specified in Full Encryption.
- If the user decrypts any hard disks, Full Encryption will encrypt them again.
- If the hard disks are already encrypted and you enable the Encrypt all hard disks on computers option, Full Encryption does not re-encrypt devices that are already encrypted. Full Encryption does encrypt any devices that are not already encrypted.
When you disable the Encrypt all hard disks on computers option:
- If Full Encryption was never enabled on the computer, no action is taken.
- If the computer is encrypted by Full Encryption, the computer is decrypted.
Ask for Password to Access the Computer
This option enables password authentication when the computer starts up. Based on the platform and the presence of TPM hardware, two types of password are allowed:
- Devices with TPM: A PIN password is requested.
- Devices without TPM: A passphrase password is requested.
Do not Encrypt Computers with USB Drive for Authentication
This option prevents encryption of computers that use USB devices for authentication.
Only Windows 7 computers without TPM can use the USB authentication method. If the administrator disables the use of USBs, these devices are not encrypted.