Windows 2000 Server - Encryption Security
Posted on 2005-04-13
So we've enabled file encryption for some shares on one of our Windows 2000 file servers.
We have one particular share that is very sensitive. I'd like to know any thoughts on how to protect the keys. My thoughts...
-We have a large group of domain admins. Even they will be removed from Read permissions on this share.
-We need to keep the key somewhere secure so that if we have a server disaster and need to restore, we can get at it.
Thoughts? Perhaps kept on a CD with our Information Security Office?
Any other issues to think about when protecting access to an encrypted file share?