GFI OneGuard can detect storage devices encrypted with Microsoft BitLocker. When this option is selected, the encryption is performed by the operating system. This option only enables you to configure different permissions on such devices.

To enable Microsoft BitLocker detection:

1. Login to the GFI OneGuard PlatformThe main component of GFI OneGuard that connects all the services offered by the product and the database that stores all collected information..
2. Go to Manage > DevicesMachines connected to a network that have been discovered by GFI OneGuard..
3. Select the entire Network or a specific group.
4. Go to Services > EndPoint ControlService used by GFI OneGuard to control access to devices.
5. Click Add Rule.
6. Under Encryption Turn On Enable Device Encryption and check Windows BitLocker Encryption.

BitLocker encryption options

7. Specify the type of access the user should have to the device. The options are:

Option	Description
Read	User can open the files, but cannot edit or delete them.
Write	User can open and edit files. Users cannot run executable files.
Full	Full permissions including running executable files.

8. Specify the type of restrictions for file types. The options are:

Option	Description
Use the same file type used for non-encrypted devices	When this option is select the settings for the file type filtering used in the policy is applied.
Allow all files but block the usage the following files	This option overwrites the file type settings of the policy and allows all the files except those listed.
Block all files but allow the usage the following files	This option overwrites the file type settings of the policy and blocks all the files except those listed.

9. Click Apply.

Volume Encryption enables you to encrypt the contents of USB devices using AES 256 encryption. When volume encryption is enforced, users must provide a password to encrypt or access storage devices data.

To enforce Volume Encryption on installed agentsA GFI OneGuard component that runs as a background service on target devices and handles the deployment of patches, service packs and software updates.:

1. LLogin to the GFI OneGuard Platform.
2. Go to Manage > Devices.
3. Select the entire Network or a specific group.
4. Go to Services > EndPoint Control
5. Click Add Rule.
6. Under Encryption Turn On Enable Device Encryption and check Volume Encryption.

Volume encryption options

7. Enter a password under Specify a volume password. This is the administrator password that is required to reset a password of a device if the user loses it.
8. Enter a numeral under Minimum password length. That value is applied when the user enter a password when encrypting a new device.
9. Select the Type of Encryption. The options are:

Option	Description
AES-128	This encryption algorithm is less secure, but uses less disk space for the encryption and the process of initial encryption is completed in less time. A better option for devices with little disk space.
AES-256	This encryption algorithm is more secure, but uses more disk space for the encryption and more time for the initial encryption. A better option when security is a concern and there is enough disk space.

10. Check the option to Copy Travellers application to enable this feature. The Traveler Application enables users to access encrypted content when they are away from the office and in locations where the EndPoint Control agentA GFI OneGuard component that runs as a background service on target devices and handles the deployment of patches, service packs and software updates. is not installed.
11. Click Apply.