File Encryption in 2003 server

Posted on 2009-02-20
Last Modified: 2013-12-05
Situation :
   I want to encrypt some files.
   Theses files are shared among some AD users
   If the files are copied outside domain it should not be usable.
         (means, for example, if a user copy the files into his laptop which is not part of the AD, then the files must deny access to it)
Question by:avalon_india
    LVL 7

    Expert Comment

    I use this app for encrypting not only files but whole disk encryption as well:

    Author Comment

    but crokeefe28, truecrypt encrypts the folder/files that is true, but what I want is that if the user copies the file and use it in another system, then it should not work.
    thank you.
    LVL 7

    Expert Comment

    This actually looks like it may fit into something that you would be looking for:

    I think to accomplish what you are looking for you may have to take a layered approach.  Combination of DLP (Data Loss Prevention) and WDE (Whole Disk Encryption).  The main problem that you may face is the Key Management piece.  You probably want users to be able to access the files that they need if they are authorized, which would fall under the DLP policies and would likely carry a local copy of the Key Management to allow them to do so.  Those that are not authorized, you could block totally.  Regardless, if you are not performing WDE on the client, then if a user has the rights to take data, and if they are compromised, the intruder could take any information because that user has the appropriate authority to do so.  Let me know what you think.  If it does not work for you, then I will keep researching.....Sorry for misunderstanding you yesterday.


    Author Comment

    Dear crokeefe28

    Thank you for your reply.
    I checked the site you said. and already requested a free trial and waiting for their response.

    I will try to simplify my needs.
    I am part of a software company.
    We have to share some very important files among about 5-9 peoples in our domain.
    They are allowed to view/modify them as normal.
    What we need is, if somebody takes the hdd outside domain and connect it as slave or if the data files are copied into their own usb/external hdd and try it in a system outside our domain then, it should not work. Is it possible?

    Thank you.
    LVL 7

    Accepted Solution

    With money....anything is possible.  What you need is something like PGP Universal Server.  This provides whole disk encryption to meet the requirement for the HDD and will not allow anyone to write anything to removable media without first encrypting the drive and/or USB, etc.  The only problem is that is can be costly, depending upon the setup.  I think that McAfee has expanded upon the ePO (e Policy Orchestrator) with the DLP and includes encryption with it, as well as Symantec.  We use PGP at my company, and the great part about it is that when you set it up, you can share your Public keys with others on the Internet and start encrypting messages as well.  Here are a few links to the above products to get you started on your search for the best product for your needs.  This will help you learn the industry terminology and what to look for:

    and the best of all....

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
    As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now