Lumension Endpoint Security Device Control (LDC) 4.3 and higher
Despite proper permissions set up in the SMC, the Create an Encrypted CD/DVD... option may be grayed out when right clicking on the Sanctuary icon in the system tray or when right clicking on the CD/DVD burner in My Computer.
The allocatecdroms value may be improperly set within Windows. The allocatecdroms value controls access to data on the CD/DVD drive. A value of 0 allows administrators in the domain as well as LocalSystem to access to the CD/DVD drive whereas a value of 1 restricts access to only the currently logged in user. If the value is incorrectly set to 1, writing encrypted CDs/DVDs may not work.
NOTE: This issue has been resolved in LES 4.6. If you cannot upgrade to LES 4.6 at this time, you may try one of the below options.
Check the allocatecdroms value in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. If the value is set to 1, set it to 0 and restart the computer.
If the machine is on a domain it is also wise to check group policy as this option can be set there. The policy is Devices: Restrict CD-ROM access to locally logged-on user only and can be found in Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options. If the Security Setting is set to Disabled, the above registry value will be 0. If Enabled, the registry value will be 1.
Create a new STRING value called BurningLayer in the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\scomc\Parameters and give it a data value of 2.
Reboot the endpoint and try to access the “Create an Encrypted CD/DVD” option again.
Note: BurningLayer is for changing from using IMAPI to IMAPI2 when burning.