Policies of type No encryption

Where policies are assigned along a hierarchy chain, the policy closest to a target object (user/computer) is the highest ranking. This means that as the distance to the target object increases a policy will be superseded by any policies that are closer. Policies of type No Encryption can be used to interrupt the inheritance of encryption policies at certain locations in the hierarchy chain. For subordinate levels the No Encryption policy will be valid as well.

Depending on module and version, the behavior of the endpoints varies.

Endpoints with Synchronized Encryption

Policies of type Application-based (Synchronized Encryption) are NOT merged. The policy closest to the target object (user/computer) in a hierarchy chain is always applied. If it is the closest, a No encryption policy will become effective.

Endpoints with File Encryption version 8

Policies of type Location-based are merged. If several policies are assigned, their content is evaluated according to certain rules, see Rules for assigning and analyzing policies. For the Resulting Set of Policies (RSOP) see, Location-based File Encryption policies in the RSOP. Within an assignment, the policy with the highest priority (1) ranks above a policy with a lesser priority. If it has the highest priority, a No encryption policy will become effective.

Endpoints with File Encryption below version 8

A No encryption policy has no effect on these endpoints. Endpoints with File Encryption 7.0 and lower do not recognize the Encryption Type setting. Rules from all File Encryption policies of type Location-based apply.
Note: This is particularly important if you have to handle endpoints of version 8 and older versions simultaneously.