How to secure PST files on Server


Small office with 2003 server and 11 clients, no exchange server. All clients use microsoft outlook 2003. I am somewhat new to 2003 server. (have more novell background) I have clients automatically backing up PST's to the server to a separate sub-folder named for each user, under one top folder named "mail_bkups".

Then we have tape and backups done via Internet. All works well, my only concern is that (and it is very low risk for this place, since I know really none of these users would most likely not be able to do the following) someone browsing the network drive s:\ shared would see the pst for another user and copy it to their computer or flash drive and then be able to see someone else's mail, etc.

I could rename top folder to something like "technical_bulletins" as a red herring or can i lock down each folder by user, except there are at least three people with server admin access (boss'es) so maybe a way to encrpty file before copied from client or after on client so no one can see pst date.

any suggestion or help is apprciated.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

There are software measures you can take to encrypt files on a server w/ Microsoft you can use EFS or PGP for desktop encryption.
Bu the easiest fix for your issue would be to simply have each user create a password on their PST file. From Outlook, on to the Properties of the PST file and click Advanced then Change Password. Enter a password and each time they open Outlook the PST file will ask for their password.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
If you wanted to get fancy, you can use folder permissions to lock down users from checking anyone else's files. This is from the security tab on the main mail_bkups folder.

Go to folder properties for mail_bkups, click the security tab, click advanced.

Uncheck allow inheritable permissions from the parent ( i would advise to manually write down the permission entires for backup). It will ask if you want to copy or remove, choose remove.
If you need to reset security if things go wrong, just recheck this box.

Add administrators group with full control, add OWNER group to give the users control of their own folder. Check Replace permission entries on child and click APPLY.

What this does is it gives administrator and each folder owner access to the subfolders inside mail_bkups. the OWNER tab denies other users from browsing into other ppl's folders.

Use the Home Directory feature, that will give each user their own folder than can be mapped to a network drive.  All the security is already setup when you create this Home Directory.  As for the Bosses with server admin access, first of all just because they are a boss is not a good reason to have server admin, my boss does not have it and never will.  He gets access to everything he wants without being an actual server admin.  Second, they are probably entitled to the data you are trying to protect, so it may not be something that you need to put a lot of effort into.
millhouselivesAuthor Commented:
Accepting all three answers, this is the second time I have posted this. I don't know what happened the first time, but I fell all three answers are valid and think in the interest of being fair have deciced to up the point total to 150 and split three ways.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.