Solved

Encrypt shared folder

Posted on 2014-04-30
13
1,284 Views
Last Modified: 2014-06-07
I'm trying to find a simple solution to encrypt a drive/folder on a MS 2008 R2 server. (The root folder and it's contents are the only data on the drive).

Ideally I would like the users to be prompted for a password whenever they try to access that encrypted network share. (The encryption is for compliance purposes).

I tried BitLocker on a test drive I shared out, set up a password - But I'm not being asked for a password when opening the test file. I went into the local group policy and enabled everything I had to.

Is there a step I'm missing? or another program I can use?
0
Comment
Question by:RISLA
  • 5
  • 3
  • 3
13 Comments
 
LVL 28

Expert Comment

by:serialband
ID: 40032812
I haven't tried bitlocker yet, but the other whole drive encryption schemes (truecrypt, filevault) I've used only password protect the drive when you first attempt to mount it.  You don't have to enter a password after it's been unencrypted for mounting.
0
 

Author Comment

by:RISLA
ID: 40032831
Thanks serialband, I'll try TrueCrypt. Do you know how backups would behave trying to access a truecrypt drive?
0
 
LVL 28

Expert Comment

by:serialband
ID: 40033830
Once you enter the password, the drive is decrypted for mounting and it should behave as a normal drive.  I suspect that bitlocker would work the same way.
0
 

Author Comment

by:RISLA
ID: 40034351
Just so I'm clear:

It's normal behavior for all users to access the shared drive and it's contents without being asked for a password; If I have already entered the password on the server itself?

I encrypted the test drive (5GB with a text document shared out), entered the password to mount it to a new drive letter on the server. Now whenever someone accesses that share they're not asked for a password. Is this normal?

Thanks for bearing with me, I've never had to encrypt a network share before.
0
 
LVL 28

Accepted Solution

by:
serialband earned 500 total points
ID: 40034942
Yes.  You only need to enter the password to mount the encrypted share.  Once it's mounted, it is accessible to everyone.  You're supposed to use ACLs to prevent network access.

Disk encryption is mainly designed to protect laptop users from data theft in addition to physical theft.  It could also protect against illegal LEO access when your equipment is confiscated.  It's not designed to protect against network access.
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 53

Expert Comment

by:McKnife
ID: 40040945
Encryption is not right here.
Please describe your scenario. In other words, why wouldn't NTFS permissions (the standard solution) suffice?
0
 

Author Comment

by:RISLA
ID: 40081890
It is to comply with SOC1, SOC2 and GLBA.
0
 

Author Comment

by:RISLA
ID: 40081895
Thank you. I finally implemented it on the production LUN and it was transparent to the users.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40082034
What did you implement and why is my comment chosen as solution?
0
 

Author Comment

by:RISLA
ID: 40085303
I meant to select serialband. Not sure there's a way to correct this, maybe a moderator will see this.

I wound up using bitlocker.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40089314
You will have to contact the mods if serial band should get the points. I wonder why you did not respond to my question. I am sure that encryption does not help you.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now