• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 676
  • Last Modified:

Encrypt folder 2003 server with Raid5 - what software?

I am looking to encrypt a few shared folders on my 2003 server that has a raid configuration -what is the best way to do this, free or purchased software is fine.  I am also wondering how a recovery works should a drive in the raid fail?
Do I just get everyone out of the share, encrypt, then let them back in?

Thanks
0
rhwimmers
Asked:
rhwimmers
  • 4
  • 4
1 Solution
 
HonezCommented:
Server 2003 comes with EFS, Encrypting File System.  You can Rclick on a folder, then click advanced in the general tab.  Then click the check next to Encrypt contents to secure data.

It still works with your NTFS permissions.  Here is an article about EFS.  Make note of the recovery agent.

http://technet.microsoft.com/en-us/library/cc512680.aspx
0
 
rhwimmersAuthor Commented:
Ah, thought it was only an 08 thing, great.

So I can right click and encrypt and be done with it?  When a user pulls up the file on their unencrypted drive it still will be visible? Do they need any decryption tools or anything like that?  What if there is a database like quickbooks on this drive, any issues there?
0
 
rhwimmersAuthor Commented:
So if I have a server with 2 folders that are shared out to 5 users and want those encrypted, whats the best way to do this?  I think from reading that article each user will need a key so they can decrypt the file for viewing, I don't fully understand how that works or the best way to roll that out?
If I simply encrypt that folder, I am guessing all of my remote users will lose access to the folder?
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
HonezCommented:
If you are hosting the folders on the server, then yes, right click on the folder, click advanced then encrypt.  Everyhting else to the user is transparent I.E. they wont be asked for a password or decryption tool because the authenticaion takes place through Active directory.

If any item is moved from the encrypted location to another location, it will lose the encryption, or take on whatever encryption setting the new location has.

I dont see any problems hosting a quickbooks file in EFS, because it is all transparent.
0
 
rhwimmersAuthor Commented:
Really! So its that easy?  I don't need to worry about all the keys for individual users etc?  Just encrypt the shared folders and I am done?  Maybe export some certificate to have an "offline" key in the event of a disaster or something?
If a new file is created by the user (on their shared folder/mapped drive) it will be automatically encrypted because its on the server, is that right?
0
 
HonezCommented:
Yes, the authentication happens in conjunction with Active directory.  And yes, you do want to take measures to b/u your recovery agent.  Most everything you need is in the doc I sent in the original post.

Start slow.  Try a test folder and add a user to it.  See how it goes, and notice the color change in your computer view to tell which folders are encrypted.  Its a neat feature in Windows that is not used all that much.  Remember Active directory provides permissions that will restrict access, the encryption provides a hashed layer to ensure confidentiality.
0
 
rhwimmersAuthor Commented:
Thanks for the help.  So if someone broke in and stole the server - he could hack the admin account (would take about 5 minutes booting off an USB drive) and decrypt the files, right?
0
 
HonezCommented:
Nothing is 100% secure.  You can only compose those measures to make it extrememly difficult for a potential hacker to get past.  That being said, no, it is not that easy because of the way a DC maintains a SAM database.  The traditional locksmith (password) recovery CD will not work on a DC.  They will have to hack AD.  If you didnt set a directy services restore mode administrator password, then it would be pretty easy.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now