Solved

Multi-user encrypted volumes

Posted on 2010-08-13
Last Modified: 2013-12-04
Can anybody recommend some software which will allow encrypted volumes with multiple passwords, or some other solution to the scenario below?

The scenario is as follows:

- Managers each need their own encrypted area with their own password.
- IT Admins need to be able to back up the encrypted data but not be able to decrypt it.
- A company director needs to be able to access every person's data with his own password (as opposed to having all the users' passwords).
- Ideally there would be the flexibility to have shared areas which each manager has a separate password for.

This is for a fairly small amount of data, say 10 users with 1 GB of storage each. It is in a Windows Server/XP desktop environment. The problem is IT Admins not being able to decrypt the data; otherwise it would be pretty straightforward, just using NTFS permissions and IT Admins then encrypting the backups.

We thought about using TrueCrypt with keyfiles, but the only way to use it with multiple passwords is to use smart cards holding the keyfiles.
Question by:BAMINATOR
3 Comments
Accepted Solution

by:
curua2008 earned 250 total points
ID: 33432475
What about using the Credant Mobile Guardian product, with the following features:

- Common encryption key: all users in a certain AD group can log in and access the encrypted data. Other users, including IT, can log in but can't read the data as they're not in that special AD group. It will be good for sharing data between managers.
- User encryption key: data will be encrypted using the user's encryption key, and only the owner can log in and read the data. However, the user's key is backed up to and managed centrally on a central encryption server. When the Director needs to decrypt any data, the encryption server admin can assist in decrypting any encrypted data (only the encryption admin can do that). This feature is good as an enterprise solution because the encryption key is stored and managed centrally.

Credant Mobile Guardian is encryption software working at the file & folder level. You can define an encryption policy from the server and push it down to the client; you can encrypt the user's HDD and USB devices, and you can use either common encryption or user encryption, or combine both of them. Users don't have to get another password to lock/unlock the data. Everything will be based on their AD password. Encryption/decryption will be done automatically and transparently.
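
The question's scenario and the common-key/user-key model in the answer above both reduce to key slots: one random volume key, wrapped separately under each person's password, so a backup of the header and ciphertext is useless without a password. This is an added sketch, not code from the thread, Credant or TrueCrypt; all names and passwords are constructed, and the XOR-with-PBKDF2 wrap is a standard-library stand-in for an authenticated key wrap such as AES-KW.

```python
import hashlib
import hmac
import secrets

ITERS = 100_000  # assumed PBKDF2 work factor for this sketch

def _derive(password: str, salt: bytes) -> bytes:
    # 64 bytes: first half masks the volume key, second half keys the tag.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERS, dklen=64)

def add_slot(volume_key: bytes, password: str) -> dict:
    """Wrap the 32-byte volume key under one person's password."""
    salt = secrets.token_bytes(16)  # fresh salt, so the mask is never reused
    k = _derive(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(volume_key, k[:32]))
    tag = hmac.new(k[32:], salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unlock(header: dict, name: str, password: str):
    """Return the volume key, or None for an unknown slot or wrong password."""
    slot = header.get(name)
    if slot is None:
        return None
    k = _derive(password, slot["salt"])
    tag = hmac.new(k[32:], slot["salt"] + slot["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, slot["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(slot["wrapped"], k[:32]))

def demo() -> dict:
    vk = secrets.token_bytes(32)  # encrypts the shared area; never stored in clear
    header = {  # constructed names and passwords
        "manager_a": add_slot(vk, "constructed-pw-a"),
        "manager_b": add_slot(vk, "constructed-pw-b"),
        "director": add_slot(vk, "constructed-pw-director"),
    }
    result = {
        "manager_a": unlock(header, "manager_a", "constructed-pw-a") == vk,
        "manager_b": unlock(header, "manager_b", "constructed-pw-b") == vk,
        "director": unlock(header, "director", "constructed-pw-director") == vk,
        # A backup operator holds a copy of the header but none of the passwords.
        "backup_admin": any(unlock(header, n, "constructed-guess") for n in header),
    }
    # Revoking a slot leaves the others working; it does not rotate the volume key.
    del header["manager_b"]
    result["revoked_manager_b"] = unlock(header, "manager_b", "constructed-pw-b") is not None
    result["director_after_revoke"] = unlock(header, "director", "constructed-pw-director") == vk
    return result

if __name__ == "__main__":
    print(demo())
```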
Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 33561805
Hi.
> IT Admins need to be able to backup the encrypted data but not be able to decrypt it.
This is silly if you think about it. If I have admin rights on your machine and I need to get hold of your password, I install a keylogger remotely (AV scan will find that - haha), wait for some hours, grab the recorded text file with the password and uninstall the keylogger.
If someone has administrative access, you cannot prevent him from possibly getting to any content on that machine.
Question has a verified solution.