Prevent data from being copied to unmanaged computers?
We will have unmanaged computers on our LAN. Users can copy data from either a file server or a managed workstation to an unmanaged workstation as long as they have the required user credentials.
Data could be blocked going out of the local network to the Internet via email etc, but if the unmanaged system is a laptop, they could easily take it away from our network and upload it anywhere from some other network connection.
What are the methods available to prevent DLP flagged data stored on file servers from being copied to workstations that do not have a DLP endpoint agent installed and also prevent copying from a workstation with DLP Endpoint agent to one without the agent via any kind of network file transfer between them?
Also, instead of try to "block" this, is it possible to have these types of events logged into daily reports and pop up a message on the computer with the DLP agent that says something like: "We see that you are copying this data to an unmanged system. Pleae submit your explanation before completing the file transfer."