Symantec Endpoint Encryption Device Control Policy is not applied in Windows Safe Mode with networking

Article:TECH197801  |  Created: 2012-10-03  |  Updated: 2013-09-13  |  Article URL http://www.symantec.com/docs/TECH197801
Article Type
Technical Solution


Environment

Issue



The SEE Device Control policy does not apply to the machine or users if Windows is booted in Safe Mode (with networking).

 


Environment



Windows 7, Windows XP in safe mode with networking, SEE-DC 8.2.2.

 


Solution



Safe Mode allows you basic access to the system because it doesn't load any third-party software and drivers. In consequence, the SEE Device Control subsystem is not loaded nor enforced.

This is by design of the operating system. To go around this, you may want to disable Safe Mode.

Warning: Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer. For more information on backing up the registry see the following article on the Microsoft support site:

How to back up and restore the registry

Open the Registry and go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot.

Rename the keys "minimal" and "network" to "minimal.bak" and "network.bak".

Your Safe Mode options won't work anymore. Be sure to disallow users to modify this on their own.
If needed, you can restore the values by renaming the keys to the original name again.

 




Article URL http://www.symantec.com/docs/TECH197801


Terms of use for this information are found in Legal Notices