Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

How to encrypt folders and grant access to specific users

Created: 01 Mar 2013 | 4 comments

Hi,

We have a web site where users uploads files to a file server for some kind of processing. The web server and the file server are separate windows server 2008 machines.

On the file server, we need to keep the files encrypted. I looked at the tool Symantec Encryption Desktop which seems to suit our requirement

I tried the following:

1. Create keypair for the myself so that I can view the files.
2. Dragged and Dropped a shared folder for encryption
3. Granted access to myself.

If I view try to open any files inside the folder, it opens fine but does not work for other users even though they have access to the shared folder. This is perfectly fine as it was only me who had access to the encrypted content.

But I am unable to find information on how to grant access to specific users.

1. Should the other users who need access also install the Encryption Desktop software
2. If the other user creates his own keypair, how can I grant access to that user?

Please advise.

Thanks,
Ananth

Operating Systems:

Comments 4 CommentsJump to latest comment

Tom Mc's picture

Yes, other users of the NetShare folder will need the Desktop Encryption software.

This video explains how to add NetShare users to a folder. 

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

ananthbv's picture

Hi,

Thanks for the instructions.

You've shown a video of PGP Desktop and adding users to PGP NetShare but what I am trying to use is Symantec Encryption Desktop.

My main question is:

1. If I want to provide access to another user to my encrypted shared folder, should the keypair of that user be stored in some global directory? If yes, please provide instructions on how to do that.

2. Can the user access be integrated with Active Directory? If yes, please provide instructions on this too.

2. Even though you have shown video of PGP Desktop, the same instructions hold good for Encryption Desktop, is that correct?

Unfortunately the video is a bit blur (screenshot attached "video_quality.jpg"). Could you please provide a more clearer version of the video?

video_quality.JPG FileShare.JPG
Tom Mc's picture

The following, from the User's Guide, may help:

User Accounts to a PGP Virtual Disk
The administrator of a PGP Virtual Disk can make it available to other users. Those users can access the volume using their passphrases or private keys.
Make sure the PGP Virtual Disk is not currently mounted, otherwise, you cannot add alternate user accounts.
To add alternate user accounts to a PGP Virtual Disk
1 Click the PGP Disk Control box on the left pane of the PGP Desktop main screen, then select the PGP Virtual Disk to which you want to add an alternate user account.
2 Do one of the following:

To add a new public key user, click Add User Key. The Add Key Users dialog box is displayed.

To add a new passphrase user, click New Passphrase User. The PGP Disk New User dialog box is displayed.
3 Do one of the following:

If you selected Add User Key, in the Add Key Users dialog box, select a public key from the list and click OK.

If you selected New Passphrase User, in the PGP Disk New User dialog box, type the user name, the passphrase for the PGP Virtual Disk you are adding the user to, then type the passphrase again in the PGP Disk New User box and click OK.
The alternate user account is added.

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

Alex_CST's picture

Endcryption Desktop is PGP Desktop - just a renaming thing with the latest release

It will only integrate with AD if you have a Universal Server (Encryption Server) in the environment

The keypair information doesnt need to be stored globally - it is not required for file encryption locally.  The public keys get stored inside the netshare folder (you just cant see them)

Please mark posts as solutions if they solve your problem!

http://www.cstl.com