A policy enables an administrator to control how PK Protect is used—particularly with respect to encrypting and digitally signing files. By applying a policy, an administrator can lock selected PK Protect options to desired settings.
When an option is locked, the check box or other control ordinarily used to set the option is disabled and grayed. Controls are also grayed if they are incompatible with some locked setting.
For example, to ensure that email attachments are always encrypted, an administrator can apply a policy that locks the settings of two PK Protect options relating to Mail: Zip attachments and Encrypt attachments. PK Protect will then always zip and encrypt Outlook email attachments until those options are unlocked and turned off.
How Locks Are Set
Locks on options are set by defining a policy in PEM Administrator. Policy locks are not set from PK Protect.
Options That Can Be Locked
The table below lists the options that can be locked by a policy. Options in the table are organized in these main groupings:
Desktop Application: Options that only affect operations that do not concern email.
Shared Settings: Options that affect both operations that do concern email and operations that do not. For example, the setting for Compression method is shared and affects both.
Other: Options affecting general application behavior and integration with MS Office applications other than Outlook.
Security options, ZIP and OpenPGP pages
Security options, ZIP and OpenPGP page
Note: When an existing archive that contains encrypted file names is updated, the encryption method and algorithm originally used to encrypt the file names take precedence over any different settings for method and algorithm that are locked. An archive with encrypted file names retains its original encryption when it is updated.