(Optional) You can display an explanatory message to users when the CFSA denies Write access to a specific target, such as a removable device or sync folder. This message typically warns users that they are not permitted to save files to the target.
When is This Message Shown?
The CFSA displays this message if Write access to the target is denied by machine policy or the user is not using a policy-enabled application:
The machine policy includes a Data In Use Protection folder plus subfolders. Settings in these folders determine the handling for removable devices, network locations, and sync folders. For example, CA Data Protection may handle a specific network folder as Read Only. Other settings in these folders identify 'trusted applications' which are exempt from policy control. If a user tries to save a file to the target using a trusted application, Write access is granted. If the user uses any other application, Write access is denied.
These are applications that the CFSA can integrate with to apply user policy. If a user copies a file using a policy-enabled application and the target handling is set to ‘Apply user policy’, the CFSA applies Data In Motion triggers to the file.
If the target handling is set to 'Apply user policy' but the application is not policy-enabled, the CFSA blocks the file. From the user's viewpoint, the target is set to Read Only.
Important! The only policy-enabled applications recognized by the CFSA in the current release are: Windows Explorer (including drag and drop copying); DOS commands such as copy and xcopy; Wordpad.exe; and Notepad.exe.
Available Settings
Find the Access Denied Message subfolder in the \Extensions\Client File System Agent folder. This subfolder contains the following settings:
Use Title and Message settings to provide a notification message for users, explaining that they will be unable to save changes to the current file.
The Frequency setting determines how often this message is shown. You can set the message to never display, or to display:
A user only sees the message once in a Windows session. This happens the first time that CA Data Protection denies Write access when a user tries to copy or save a file to a target.
(Not applicable to file sync operations) The message is shown if a user plugs in a USB drive or SD card, for which the CA Data Protection device handling is Read Only. The user only sees the message when they first open a file from that device.
A user sees the message when they open a file from a target for which the CA Data Protection handling is Read Only.
The message is shown only once per application per Windows session.
For example, the message is shown if a user opens a Microsoft Word document stored on a 'read only' USB drive. If the user restarts Word and opens the document again, the message is not shown.
A user sees the message each time they open a file from a target for which the CA Data Protection handling is Read Only.
As above, the message is shown if they open a Microsoft Word document stored on a 'read only' USB drive. But if the user restarts Word and opens the document again, the message is shown again.
|
Copyright © 2015 CA Technologies.
All rights reserved.
|
|