Endpoint Encryption

Good day everyone, we have a PGP Universal Server 3.2.1 build 4461 with PGP Desktop 10.2.1 build 4461.  My question is in regard to consumer groups/policies and users being in multiple groups.  We currently use LDAP and membership in security groups to define which groups a user is enrolled in.   

I am curious as to Netshare and the ability to use LDAP, Universal Server, Group keys and access to more than one encrypted/whitelisted file share.

If I had a number of users and I wish to configure multiple groups each with their own consumer policy, can I do the following:  User A is a member of an LDAP security group which includes the user in consumer group 1 with a consumer policy 1. Can user A be added to another LDAP Security group that will put the user into consumer group 2 with a consumer policy 2?  This policy, Policy 2, only defines a netshare whitelisted folder controlled by a group key?  IE will the user get the benefits of both policies they are now configured to be in by way of LDAP security groups?

Or is this a bad model and multiple memberships in multiple consumer groups don't apply?

thank you

Inside the user go to Groups, you then get the option to add the user to groups.  only ONE policy can be applied, it doesnt work the same way as AD inheritence whereby the most restrictive applies.  You will see it would say under groups:

Policy Name 1 (Effective Policy Group)

Policy Name 2

Everyone

So only one policy can be applied to one user at any one time.

It would start to get messy if you do things like this because its quite hidden away,  I would just greate more policy groups to apply.  You need to visualise it if it gets complicated by way of flow charts and things like that if you are dealing with lots and lots of policy groups

Good luck!

unfortunately not all widgets are nurfles though all nurfles are widgets.  This is an area that is going to have to be addressed I believe.  Assigning a netshare to users should be independant from other policies I would think.  I can't create a singular policy that encompasses all of the users because some users have no business getting access to other netshares that are accessed by higher level executives.  Yet all of these users need access to this one share.  I'm going to open a ticket and talk to someone to see how they envision this type of requirement now that group keys are available.

Can I ask,  why do you need to encrypt a folder that all users are able to access?

You can also apply netshare shares directly to a folder, so on a machine with PGP desktop installed right click, PGP Desktop, and encrypt then just add all the executives to that?  Or am I missing something.

there are 5 users, all of the users would be all 5 that need access to this particular share.  However, that is where the similarity ends.  Two of the users also access other shares via two other policies.  so there is a set of 5 users, there are two subsets consisting of one user each and there are three total shares.  User 1 accesses Share A and C, User Two accesses Share A and B and three users access Share A.  This makes the issue users 1 and 2 being granted access to Share A while maintaining access to their already allowed shares without letting others into them.

Hope that clarifies.

If it is that few users, I would recommend manually setting the users on each share.  How do you manage this by way of group policy?  Or dont you?