File Share Encryption

  • 1.  decrypting/encrypting using run-as script using a system account.

    Posted Jul 12, 2012 11:34 AM

    Good Day,

    I'm currently testing PGP Netshare on some of our sensitive HR data. For some time now we have had a process, a script, set up that automatically will take a file from an HR share, process that file and dump it into a SQL database. Now with PGP Netshare coming into the scene, I need to automate the encryption and decryption process. I created some batch scripts using the decrypt/encrypt command line. The problem I'm having is with the account that is actually used to access that data. This run-as script executes as an AD service account. This service account really has no rights to the HR folders and is not actually accessing and reading the data though, it's just executing the scripts that tell the system account to process the file. So my question is, how do I add a system account to the PGP Universal server's users? I already manually added an account as computername$ but obviously I don't have a managed key and the account can't be enrolled in any way. Is it even possible to add a system account into PGP Netshare and can it work with just an unlock command line?

     

    Thanks  

     



  • 2.  RE: decrypting/encrypting using run-as script using a system account.

    Posted Jul 12, 2012 04:44 PM

    Do you have PGP Commandline? If so you could use it to create the necessary keys to be able to add to a share using either an AD Group Key or manually adding it to the share. You could also do the same by enrolling onto any PGP Desktop client using the AD system account to create a set of keys.

     



  • 3.  RE: decrypting/encrypting using run-as script using a system account.

    Posted Jul 13, 2012 11:03 AM

    How do you enroll with a local server system account?



  • 4.  RE: decrypting/encrypting using run-as script using a system account.

    Posted Jul 13, 2012 01:51 PM

    You mentioned you created an account. I assumed you were referring to an AD account which you can use to enroll onto any computer to generate a key. Adding this key to Netshare\share you should be able to add\edit or whatever the NTFS permissions necessary for your transactions.
    Have you taken a look at the Netshare command line options?

    http://www.symantec.com/business/support/index?page=content&id=DOC4648&actp=search&viewlocale=en_US&searchid=1342201775268



  • 5.  RE: decrypting/encrypting using run-as script using a system account.
    Best Answer

    Posted Jul 19, 2012 12:16 PM

    The account I created was on the PGP Universal server, added internal user only. I don't think a local server system account can be enrolled since you can't actually log on with it since it really has no password. I think I'm just not going to be able to do this unlocking / encryption / decryption using a local server system account.

     

    Thanks for the help anyway.