6.18 Removable Storage Authorization Policy
To manage the use of removable drives within the enterprise and prevent leaks of confidential data, administrators can assign different permissions to different drives. Files copied to removable drives can also be encrypted, ensuring they can only be opened in authorized environments.
Before creating policies, administrators should categorize all removable drives in the organization. Refer to Classification Management → Removable Storage Classification for guidance.
Removable Storage Types and Permissions:
| Attribute | Description |
| --- | --- |
| Removable Storage Type | Default is "All." Use the dropdown to select Encrypted Drives, Non-encrypted Drives, or Secure USB Drives. Policies apply only to the selected type. |
| Readable | Allows any application to read the drive in read-only mode. Only if this is selected are the following three attributes effective. |
| Auto Decrypt | Allows files copied from the removable drive to local or network locations via File Explorer to be automatically decrypted. Other applications cannot auto-decrypt. |
| Writable | Allows any application to write to the removable drive. If not selected, copying, saving, deleting, or renaming files on the drive is prohibited. Auto encryption is only effective if this is selected. |
| Auto Encrypt | Prevents any program other than File Explorer from writing to the removable drive. Files copied via File Explorer are automatically encrypted. |
| Removable Storage Category | Default is <All>, covering all drives. To target specific drives, select a category or a specific drive in the classification list. |
| Device Description | Match drives by device description. |
- Tips: For strict control, set all drives in the network to read-only first. Then, assign department- or user-specific permissions, allowing read/write access only to drives belonging to their category, with automatic encryption/decryption. This ensures drives are usable within departments while preventing unauthorized access from other departments. External drives can be set to read-only.
Note:
- If both Document Control Policy and Removable Storage Authorization Policy are configured, the Document Control Policy executes first, followed by the Removable Storage Authorization Policy.
- Example: If a drive is allowed read/write and encryption via the storage policy, but the document policy forbids copying Word files to removable drives, the final result prevents Word files from being copied, while other files are copied with automatic encryption.
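The attribute dependencies in the table and the evaluation order in the Note can be checked against a small model before a policy is rolled out. The following Python sketch is an added example, not code from the product: the names `StoragePolicy`, `decide`, `EXPLORER`, the outcome strings, and the file extensions are assumptions made for illustration, as is treating an unchecked Readable box as "reads blocked".

```python
from dataclasses import dataclass

EXPLORER = "explorer.exe"  # assumed process name for File Explorer

@dataclass(frozen=True)
class StoragePolicy:
    readable: bool = False
    auto_decrypt: bool = False
    writable: bool = False
    auto_encrypt: bool = False

    def effective(self):
        # Readable gates the other three attributes; Auto Encrypt also needs Writable.
        w = self.readable and self.writable
        return StoragePolicy(self.readable, self.readable and self.auto_decrypt,
                             w, w and self.auto_encrypt)

def decide(policy, action, app, ext, doc_control_blocked=()):
    """Outcome of one file operation on a removable drive.

    action: "read" (drive -> local/network) or "write" (onto the drive).
    doc_control_blocked: extensions the Document Control Policy forbids
    copying to removable drives; that policy is evaluated first.
    """
    if action == "write" and ext.lower() in doc_control_blocked:
        return "blocked by document control"
    p = policy.effective()
    if action == "read":
        if not p.readable:          # assumption: unchecked Readable blocks reads
            return "blocked"
        if p.auto_decrypt and app == EXPLORER:
            return "allowed, decrypted"
        return "allowed, as stored"  # other applications never auto-decrypt
    if action == "write":
        if not p.writable:
            return "blocked"
        if p.auto_encrypt:           # only File Explorer may write, and it encrypts
            return "allowed, encrypted" if app == EXPLORER else "blocked"
        return "allowed"
    raise ValueError(f"unknown action: {action}")

if __name__ == "__main__":
    # Constructed scenario matching the Note: read/write with encryption,
    # while document control forbids copying Word files to removable drives.
    dept = StoragePolicy(readable=True, auto_decrypt=True, writable=True, auto_encrypt=True)
    word = (".doc", ".docx")
    for app, ext in [(EXPLORER, ".docx"), (EXPLORER, ".pdf"), ("winword.exe", ".pdf")]:
        print(app, ext, "->", decide(dept, "write", app, ext, word))
```
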