Endpoint Encryption

  • 1.  Unable to decrypt files from a NetShare

    Posted Mar 05, 2012 06:47 PM

    I have a set of users who are unable to decrypt Netshare files.  They receive the following error:

    They can access/open the files but are unable to remove the encryption.  One of the users has a corrupt PST file and we are trying to remove the encryption so that we can run PST repair tools on the file.

    Any ideas?

    Thanks



  • 2.  RE: Unable to decrypt files from a NetShare

    Posted Mar 05, 2012 07:11 PM

    They have access to the folder, which is determined by the operating system.  Have they been added as Netshare Users for the folder?  If so, has the folder been re-encrypted since they were added?



  • 3.  RE: Unable to decrypt files from a NetShare

    Posted Mar 05, 2012 10:07 PM

    Hi,

     

    Please check if the below article can help you!

     

    PGP NetShare: You Are Attempting To Protect A File Or Folder That No one...:

    http://www.symantec.com/docs/TECH149842



  • 4.  RE: Unable to decrypt files from a NetShare

    Posted Mar 06, 2012 09:51 AM

    Check these users have modify / full access in NTFS (right-click on folder, Properties, Security)



  • 5.  RE: Unable to decrypt files from a NetShare

    Posted Mar 06, 2012 11:25 AM

    @Avkash K - You may be on to something.  When I look at the NetShare permissions there is an Unknown key and there are no "Admins" or "Group Admins", only "Users".

    The option to promote a user to admin or group admin is grayed out.  If the user tries to re-encrypt the file to add a new user they receive the same error message as above.

    Is an Admin required for decryption? If the user can open and access the file shouldn't they be able to decrypt?

    @Julian_M I checked the NTFS permissions and the user has Full Control to the file and directory containing the file.  I've also tried copying the file to my local workstation, adding the user's key pair to my key chain and I receive the same error when trying to decrypt or re-encrypt.  I also tested with another user on the same NetShare and they get the same error.

    I appreciate everyone's help and suggestions...



  • 6.  RE: Unable to decrypt files from a NetShare

    Posted Mar 06, 2012 09:50 PM

    Hi,

     

    Are you going with the below point??

    A PGP NetShare Admin can add and remove users and Group Admins.



  • 7.  RE: Unable to decrypt files from a NetShare

    Posted Mar 07, 2012 02:31 PM

    @Avkash K - I have to believe that it is related in some way to the Unknown Key of the user who originally created the NetShare.  That person's key/account was deleted from the PGP Universal server.  We did find a copy of their key but it was expired so it was of no use. 

    I've opened an official support case to see if they have any suggestions.  

    Thanks 



  • 8.  RE: Unable to decrypt files from a NetShare

    Posted Jul 24, 2012 06:02 PM

    I'm having the same issue, although we have Admins and Group Admins and no missing/unidentified keys.

    My testing shows that only Admins and Group Admins can remove a file from Netshare, even after copying it out of the protected folder (e.g. onto their desktop).

    Save As.. doesn't seem to work although I hear that varies depending on the file type and app used.

    Emailing it to yourself does work, but the whole point of implementing netshare was to avoid emailing around sensitive files!

    From reading the documentation, it seems that the intended functionality is for all users to be able to decrypt files if they really need to. The interim solution is to make everyone a Group Admin, but that's undesirable and means re-encrypting the entire file share :(

    Does anyone have a solution for this by any chance?

    Cheers,



  • 9.  RE: Unable to decrypt files from a NetShare

    Posted Aug 08, 2012 12:10 PM

     

    @mgcon
     
    I attended PGP training last week and I brought up the permission issues with the default NetShare roles.  The instructor suggested that if enough people complained about the issue it would get noticed and addressed in a future release.  Ha!
     
    I did learn that you can use the "Prevent the encryption of files in the following folders" option in the Consumer Policies - Desktop - NetShare to black-list folders.  You can then copy an encrypted file from an existing NetShare into the black-listed folder and it will automatically remove the encryption. (Assuming that you had a key to the NetShared file)
     
    For me the better solution would be for Symantec to change the "User" role so that it has the ability to right click on NetShare files and remove them from the NetShare (decrypt the files).  I don't like using the Group Admin or Admin roles, because they give the users the ability to add other users to the NetShare and we are trying to centrally manage all NetShares. 


  • 10.  RE: Unable to decrypt files from a NetShare

    Posted Aug 09, 2012 02:47 PM

    Thanks for the update. Sadly I'm using Netshare without a server so I don't have that option. At least I know it's not something we're doing wrong and what my options are now.

    I have found some good workarounds to allow non-Admins to decrypt files without emailing them:

    Add to a WinZip archive then unzip.

    Use PGP Desktop to secure with a key or passphrase, then decrypt.

    Use PGP Desktop to encrypt to yourself, then decrypt. (Note, if when decrypting you overwrite the source file, it seems to keep the Netshare encryption, so delete or rename it first)