Video Screencast Help

How do I encrypt a folder/share w/o installing netshare on every node?

Created: 21 Sep 2012 | 2 comments
Chris Stark's picture

How do I protect a folder/share from prying eyes, where most of the personnel have domain admin level rights? We cannot install and license netshare desktop on every machine as we have hundreds of servers/desktops. 

If just one machine doesnt have netshare, then they can get in and go ntfs and get to the documents as a domain admin.

 

Am I missing something about the product's abiltiies?

 

 

Comments 2 CommentsJump to latest comment

Tom Mc's picture

NetShare does not have anything to do with preventing access to its protected files - this is an operating system issue.  However, if someone is not a NetShare enabled user of a protected folder, the file(s) remains encrypted when he/she accesses them; so the content of the protected files is protected.  When a NetShare authorized user accesses files in the protected folder over the network, it is transmitted to the user's computer in the encrypted state, and decrypted on the local machine. 

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

Alex_CST's picture

Chris,

If a folder is encrypted with netshare, it will automatically make it unavailable via NTFS permissions.  But if a domain admin revokes those NTFS permissions (which they can as domain admins) they can get access to the files.  The files will be complete nonsense however, as they sit there encrypted, so it will be completely incomprehensible.  

 

PGP Desktop only needs to be on machines where access to these encrypted files is necessary and is meant for highly confidential information, if you need to have it on hundreds of machines, you might want to look at a Universal Server with it for ease of management.

The real ROI comes from provable deniability when it comes to data leakage and compliance, feel free to message me with your current environment and I can tell you what you need :)

Please mark posts as solutions if they solve your problem!

http://www.cstl.com