Creating an encrypted network share with Auditing
Dear Team,
I'm faced with a challenge in which I was asked to create a secure encrypted folder in one of our file servers. To this folder, only 4 users in our environment will have access and its needed to know via auditing or any 3rd party software who opens, modifies, deletes, moves, or access a file or folder within this share. Not sure how to go about this, I'm thinking for encryption maybe bit locker but for auditing is something I've never done before and these logs need to be easily accessible to our IT Department personnel.
Thank you.
I'm faced with a challenge in which I was asked to create a secure encrypted folder in one of our file servers. To this folder, only 4 users in our environment will have access and its needed to know via auditing or any 3rd party software who opens, modifies, deletes, moves, or access a file or folder within this share. Not sure how to go about this, I'm thinking for encryption maybe bit locker but for auditing is something I've never done before and these logs need to be easily accessible to our IT Department personnel.
Thank you.
Chief Project Engineer
CERTIFIED EXPERT
Hi,
BitLocker is designed to help protect all of the personal and system files on the drive Windows is installed on.
EFS is used to help protect individual files on any drive on a per-user basis.
You need to use EFS https://en.wikipedia.org/wiki/Encrypting_File_System
You can use the built-in file audit
https://blogs.technet.microsoft.com/mspfe/2013/08/26/auditing-file-access-on-file-servers/
BitLocker is designed to help protect all of the personal and system files on the drive Windows is installed on.
EFS is used to help protect individual files on any drive on a per-user basis.
You need to use EFS https://en.wikipedia.org/wiki/Encrypting_File_System
You can use the built-in file audit
https://blogs.technet.microsoft.com/mspfe/2013/08/26/auditing-file-access-on-file-servers/
Hi exTechnology.
Please explain, why you need encryption - what would it do for you, that cannot be done with NTFS permissions?
Please explain, why you need encryption - what would it do for you, that cannot be done with NTFS permissions?
Hello,
The reason for using bit locker or EFS encrytption is just to add an additional layer of security. This folder will contain very delicate information and we would like to protect it as much as possible (not sure if that would make a difference)
Now for the auditing part, the built-in feature in windows is great, but these reports need to be easy to read by someone that is not very technical, I was thinking it would have to be 3rd party. Not sure if there's anything out there.
The reason for using bit locker or EFS encrytption is just to add an additional layer of security. This folder will contain very delicate information and we would like to protect it as much as possible (not sure if that would make a difference)
Now for the auditing part, the built-in feature in windows is great, but these reports need to be easy to read by someone that is not very technical, I was thinking it would have to be 3rd party. Not sure if there's anything out there.
Chief Project Engineer
CERTIFIED EXPERT
Look at software fileaudit http://www.isdecisions.com/products/fileaudit/
This is the software for track, audit, report and alert on all access to files and folders on Windows servers.
This is the software for track, audit, report and alert on all access to files and folders on Windows servers.
The fear is someone copying the files to an external usb drive on their computers or other media. Would this carry over the encryption and not allow access unless they have the key?
Thank you.
Thank you.
Chief Project Engineer
CERTIFIED EXPERT
If you will be use EFS, anyone who has a key can decrypt the file and copy it to an external location.
"The fear is someone copying the files to an external usb drive on their computers or other media." - But where is that someone based? Is he admin on he server? Is he a user of another networked machine? Add these details, please, they make a difference for the answer.
This would be a user on another machine that has access to the folder, this user is accessing the folder via the network.
We would like to allow them to copy to a usb driver or other media at some point, is just that we would like for this media to keep the files in an encrypted format in case the removable media gets lost or stolen.
We would like to allow them to copy to a usb driver or other media at some point, is just that we would like for this media to keep the files in an encrypted format in case the removable media gets lost or stolen.
Chief Project Engineer
CERTIFIED EXPERT
Maybe you will approach sharepoint with Information Rights Management
Chief Project Engineer
CERTIFIED EXPERT
Also you can use to encrypt files on USB disk
1 BitLocker
2 VeraCrypt
3 Hardware Encrypted USB Flash Drives
1 BitLocker
2 VeraCrypt
3 Hardware Encrypted USB Flash Drives
"This would be a user on another machine that has access to the folder" - so why would you grant access to the folder, then? If you setup a share, and you don't want people to access files in it, then move those files to a different folder and use NTFS permissions again. No need for encryption, here.
Gain unlimited access to on-demand training courses with an Experts Exchange subscription.
Get AccessWhy Experts Exchange?
Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.
Jim Murphy
Programmer at Smart IT Solutions
When asked, what has been your best career decision?
Deciding to stick with EE.
Mohamed Asif
Technical Department Head
Being involved with EE helped me to grow personally and professionally.
Carl Webster
CTP, Sr Infrastructure Consultant
Did You Know?
We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE
Ask ANY Question
Connect with Certified Experts to gain insight and support on specific technology challenges including:
- Troubleshooting
- Research
- Professional Opinions