Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 267
  • Last Modified:

How to secure PST files on Server


Small office with 2003 server and 11 clients, no exchange server. All clients use microsoft outlook 2003. I am somewhat new to 2003 server. (have more novell background) I have clients automatically backing up PST's to the server to a separate sub-folder named for each user, under one top folder named "mail_bkups".

Then we have tape and backups done via Internet. All works well, my only concern is that (and it is very low risk for this place, since I know really none of these users would most likely not be able to do the following) someone browsing the network drive s:\ shared would see the pst for another user and copy it to their computer or flash drive and then be able to see someone else's mail, etc.

I could rename top folder to something like "technical_bulletins" as a red herring or can i lock down each folder by user, except there are at least three people with server admin access (boss'es) so maybe a way to encrpty file before copied from client or after on client so no one can see pst date.

any suggestion or help is apprciated.
3 Solutions
There are software measures you can take to encrypt files on a server w/ Microsoft you can use EFS or PGP for desktop encryption.
Bu the easiest fix for your issue would be to simply have each user create a password on their PST file. From Outlook, on to the Properties of the PST file and click Advanced then Change Password. Enter a password and each time they open Outlook the PST file will ask for their password.
If you wanted to get fancy, you can use folder permissions to lock down users from checking anyone else's files. This is from the security tab on the main mail_bkups folder.

Go to folder properties for mail_bkups, click the security tab, click advanced.

Uncheck allow inheritable permissions from the parent ( i would advise to manually write down the permission entires for backup). It will ask if you want to copy or remove, choose remove.
If you need to reset security if things go wrong, just recheck this box.

Add administrators group with full control, add OWNER group to give the users control of their own folder. Check Replace permission entries on child and click APPLY.

What this does is it gives administrator and each folder owner access to the subfolders inside mail_bkups. the OWNER tab denies other users from browsing into other ppl's folders.

Use the Home Directory feature, that will give each user their own folder than can be mapped to a network drive.  All the security is already setup when you create this Home Directory.  As for the Bosses with server admin access, first of all just because they are a boss is not a good reason to have server admin, my boss does not have it and never will.  He gets access to everything he wants without being an actual server admin.  Second, they are probably entitled to the data you are trying to protect, so it may not be something that you need to put a lot of effort into.
millhouselivesAuthor Commented:
Accepting all three answers, this is the second time I have posted this. I don't know what happened the first time, but I fell all three answers are valid and think in the interest of being fair have deciced to up the point total to 150 and split three ways.

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now