Ok, started work on a policy to allow certain USB keys to be used.

So i've scanned the relevant key and added it to the Storage Device Control "Preferred Devices" list, and this works fine on my test machine with the policy applied to the user.

This preferred device is accessible, and others aren't = good.

Ok, so expanding on this, wanted to enable encryption for removable storage devices, so enabled that, enabled "via password" and folder name of "SafeStore", and tick in box to force reboot.

Applied policy to test machine, it updated, forced a reboot etc.

Plug the approved USB key in and you get the "warning about to encrypt" prompt. Again, good.

New folder has appeared on the USB key called SafeStore = good.

Putting a document in this folder prompts for a password = again, good.

Now then, if I take this key to a machine that DOESN'T have ZESM installed, how do I get access to the document? I can see it there, but when I try to open the doc its just rubbish.

How does the decryption work? Shouldn't there be a prompt to decrypt, or am I missing something?