Symantec Endpoint Encryption Device Control Policy is not applied in Windows Safe Mode with networking

Article:TECH197801  |  Created: 2012-10-03  |  Updated: 2013-09-13  |  Article URL
Article Type
Technical Solution



The SEE Device Control policy does not apply to the machine or users if Windows is booted in Safe Mode (with networking).



Windows 7, Windows XP in safe mode with networking, SEE-DC 8.2.2.



Safe Mode allows you basic access to the system because it doesn't load any third-party software and drivers. In consequence, the SEE Device Control subsystem is not loaded nor enforced.

This is by design of the operating system. To go around this, you may want to disable Safe Mode.

Warning: Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer. For more information on backing up the registry see the following article on the Microsoft support site:

How to back up and restore the registry

Open the Registry and go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot.

Rename the keys "minimal" and "network" to "minimal.bak" and "network.bak".

Your Safe Mode options won't work anymore. Be sure to disallow users to modify this on their own.
If needed, you can restore the values by renaming the keys to the original name again.


Article URL

Terms of use for this information are found in Legal Notices