The "Create an Encrypted CD/DVD" option is grayed out despite proper permissions

Version 1

    Details

    Lumension Endpoint Security Device Control (LDC) 4.3 and higher

    SYMPTOM

    Despite proper permissions set up in the SMC, the Create an Encrypted CD/DVD... option may be grayed out when right clicking on the Sanctuary icon in the system tray or when right clicking on the CD/DVD burner in My Computer.


    ISSUE

    The allocatecdroms value may be improperly set within Windows.  The allocatecdroms value controls access to data on the CD/DVD drive.  A value of 0 allows administrators in the domain as well as LocalSystem to access to the CD/DVD drive whereas a value of 1 restricts access to only the currently logged in user.  If the value is incorrectly set to 1, writing encrypted CDs/DVDs may not work.


     


    Resolution

     

    NOTE: This issue has been resolved in LES 4.6.  If you cannot upgrade to LES 4.6 at this time, you may try one of the below options.

    Option 1

    Check the allocatecdroms value in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.  If the value is set to 1, set it to 0 and restart the computer.

    If the machine is on a domain it is also wise to check group policy as this option can be set there.  The policy is Devices: Restrict CD-ROM access to locally logged-on user only and can be found in Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options. If the Security Setting is set to Disabled, the above registry value will be 0.  If Enabled, the registry value will be 1.

    Option 2

    Create a new STRING value called BurningLayer in the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\scomc\Parameters and give it a data value of 2.
    Reboot the endpoint and try to access the “Create an Encrypted CD/DVD” option again.

    Note: BurningLayer is for changing from using IMAPI to IMAPI2 when burning.