You need to prevent users from copying unencrypted files to removable drives.

You have a computer that runs Windows 7.

You need to prevent users from copying unencrypted files to removable drives.

What should you do?

A.
From a local Group Policy, modify the Trusted Platform Module (TPM) settings.

B.
From the Trusted Platform Module (TPM) snap-in, initialize TPM.

C.
From Control Panel, modify the BitLocker Drive Encryption settings.

D.
From a local Group Policy, modify the BitLocker Drive Encryption settings.

Explanation:
In Windows 7, you can enable Group Policy settings to require that data drives be BitLocker-protected before a BitLocker-protected computer can write data to them. The policy settings you use for this are:

* Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\Deny write access to fixed drives not protected by BitLocker
* Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\Deny write access to removable drives not protected by BitLocker

When these policy settings are enabled, the BitLocker-protected operating system will mount any data drives that are not protected by BitLocker as read-only.

If you are concerned that your users might inadvertently store data in an unencrypted drives while using a computer that does not have BitLocker enabled, use access control lists (ACLs) and Group Policy to configure access control for the drives or hide the drive letter.