Encryption policy is a group of settings available for the JCM administrator to manage encryption on all local volumes and removable devices on client computers. The encryption policy is implemented using BestCrypt Volume Encryption software installed on client computers.

Encryption policy includes the following settings:

  • Policy name
  • Fixed drive action. The following actions are possible:
    • Encrypt

      If this option is set, the user on the client computer will be asked to enter a password to start encryption process. All the local volumes will be encrypted. However, mapped network drives will not be encrypted.

    • Decrypt

    • Manage locally - it means that JCM administrator transfers the right to manage encryption on the computer to local user.

  • Settings for removable devices:
    • 🗹 Encrypt

      If a removable device (i.e. a USB drive) is connected to the computer and this option is checked, the user will be asked to enter a password to start the encryption of the removable device. If the user refuses to encrypt, access to the disk will be restricted according to the selected options listed below. If the option is disabled, the user won't be forced to encrypt the removable device. For an encrypted removable drive, the user will be able to enter password to either decrypt or continue using it.

    • 🔘 Read-only access if media is not encrypted
    • 🔘 Block access if media is not encrypted

  • Encryption algorithm. In can take the following values:
    • AES
    • RC6
    • Twofish
    • Serpent
    • Camellia
    • ARIA

  • Options:
    • 🗹 Allow Single-SignOn (for Windows clients only)

      When enabled, end users are offered to activate automatic enrollment into Windows after entering boot-time encryption password (a.k.a Single-SignOn). This setting is not enforced and can optionally be declined by the end user or altered via BestCrypt Volume Encryption Client interface.
      When not enabled, Single-SignOn that has previously been set up will be deactivated and end users will be disallowed to enable Single-SignOn via BestCrypt Volume Encryption Client interface.

    • 🗹 Encrypt used space only (for Windows clients only)

      Performs automatic encryption only for disk space occupied by files. Applies to both Fixed and Removable media.
    • 🗹 Encrypt volumes without drive letter (mount points)


To create a new encryption policy, click Add new policy hyperlink in the right part of encryption policies list presented on the Company page. The following dialog will appear:




Set all the settings and click Add

To edit an existing encryption policy, click on the policy name in the list of encryption policies presented on the Company page. The following dialog will appear:




Make any desired changes and click Save