How to secure PST files on Server

Posted on 2008-11-19
Last Modified: 2012-05-11

Small office with 2003 server and 11 clients, no exchange server. All clients use microsoft outlook 2003. I am somewhat new to 2003 server. (have more novell background) I have clients automatically backing up PST's to the server to a separate sub-folder named for each user, under one top folder named "mail_bkups".

Then we have tape and backups done via Internet. All works well, my only concern is that (and it is very low risk for this place, since I know really none of these users would most likely not be able to do the following) someone browsing the network drive s:\ shared would see the pst for another user and copy it to their computer or flash drive and then be able to see someone else's mail, etc.

I could rename top folder to something like "technical_bulletins" as a red herring or can i lock down each folder by user, except there are at least three people with server admin access (boss'es) so maybe a way to encrpty file before copied from client or after on client so no one can see pst date.

any suggestion or help is apprciated.
Question by:millhouselives
    LVL 10

    Accepted Solution

    There are software measures you can take to encrypt files on a server w/ Microsoft you can use EFS or PGP for desktop encryption.
    Bu the easiest fix for your issue would be to simply have each user create a password on their PST file. From Outlook, on to the Properties of the PST file and click Advanced then Change Password. Enter a password and each time they open Outlook the PST file will ask for their password.
    LVL 3

    Assisted Solution

    If you wanted to get fancy, you can use folder permissions to lock down users from checking anyone else's files. This is from the security tab on the main mail_bkups folder.

    Go to folder properties for mail_bkups, click the security tab, click advanced.

    Uncheck allow inheritable permissions from the parent ( i would advise to manually write down the permission entires for backup). It will ask if you want to copy or remove, choose remove.
    If you need to reset security if things go wrong, just recheck this box.

    Add administrators group with full control, add OWNER group to give the users control of their own folder. Check Replace permission entries on child and click APPLY.

    What this does is it gives administrator and each folder owner access to the subfolders inside mail_bkups. the OWNER tab denies other users from browsing into other ppl's folders.

    LVL 9

    Assisted Solution

    Use the Home Directory feature, that will give each user their own folder than can be mapped to a network drive.  All the security is already setup when you create this Home Directory.  As for the Bosses with server admin access, first of all just because they are a boss is not a good reason to have server admin, my boss does not have it and never will.  He gets access to everything he wants without being an actual server admin.  Second, they are probably entitled to the data you are trying to protect, so it may not be something that you need to put a lot of effort into.

    Author Comment

    Accepting all three answers, this is the second time I have posted this. I don't know what happened the first time, but I fell all three answers are valid and think in the interest of being fair have deciced to up the point total to 150 and split three ways.

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Join & Write a Comment

    Suggested Solutions

    Today, security is a big concern in an organization to prevent sensitive data leakage. In Outlook you can secure your Outlook items (emails, calendars, contacts and other stuff) using various techniques like by marking item as private, or you can pu…
    I didn’t use eM Client for long when I decided to swap to Outlook 2016. The reason for the switch is that it started asking for payment to continue some of its services after one month.   The problems I faced when I didn’t pay were:   I was not …
    The purpose of this video is to demonstrate how to set up Lists in Mailchimp. This will be demonstrated using a Windows 8 PC. Mailchimp will be used. Log into your Mailchimp account. : Click on Lists. Click on Create List Button : Choose the desi…
    The purpose of this video is to demonstrate how to use PicMonkey software to customize images for a Mailchimp campaign. Picmonkey is free and simple online software which can be used by users who don’t have robust editing software such as Photoshop,…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now