Using encryption on file and database servers on a windows network with a server 2008 r2 functional level.

rabpwh1000
rabpwh1000 used Ask the Experts™
on
I was looking at encrypting data stored on file and database servers on a windows network. [functional level 2008r2] Does anybody know if using windows encryption is a good option or is there other encryption solutions that are easier and more efficient  to implement?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
ITSysTechSenior Systems Administrator

Commented:
Take a look at this post. Encrypting passwords – What’s the point? It discusses the same type of issues you mentioned.
Distinguished Expert 2018

Commented:
You need to describe what exact scenario you are protecting against. Only after knowing the scenario, this can be answered.
Distinguished Expert 2018

Commented:
rabpwh1000, without your feedback, there will be no progress. Please return :-)
Should you be charging more for IT Services?

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
Sorry for the delayed reply, I have been on holiday.  I was looking at encrypting some directories on our windows fileserver that contain confidential data. I thought if I encrypted those it would add some security.
Distinguished Expert 2018

Commented:
And what scenario should be protected against?

Author

Commented:
Hi McKnife

I was hoping to have some way of rendering the data useless if it was copied out of the network by some means
Distinguished Expert 2018

Commented:
Aha. So what your are at is data leakage prevention. You would like to prevent that people who are entitled to view the data will take the data of premises. That would need some technology like active directory rights management services.
Please note:
ADRMS is a feature of windows server in the standard edition and not that hard to setup, however, it requires enterprise CALs. Do you have those?

Author

Commented:
I only have windows standard edition so I expect I don't have enterprise CALs. How would I identify these?
Distinguished Expert 2018

Commented:
Ask your accountants or look it up in your own "housekeeping" :-|
CALs are not something that is present digitally anywhere but rather just a contract.

To point you to what you are looking for: see this link to get an idea about user CALs, Core CAL suite vs enterprise CAL suite: https://download.microsoft.com/download/3/d/4/3d42bdc2-6725-4b29-b75a-a5b04179958b/licensing_core_cal_and_enterprise_suite.pdf

Author

Commented:
Hi

I was looking in my Microsoft Licensing Service Centre  and all I can see is Windows Server Device Cals. I don't see any user Cals.  Does this make any sense?
Distinguished Expert 2018

Commented:
The CAL concept was revised by Microsoft some years ago, I am not sure what kind of CALs you might have and if these even belong to a comparable suite, sorry. Device CALs can be bought as part of a core CAL suite/ enterprise CAL suite as well, they would license per computer and not per user.

You will have to look that up.

Author

Commented:
I will try and contact Microsoft to see what the licensing arrangements were when we bought these.
Distinguished Expert 2018

Commented:
That's sensible. Ask them if you are entitled to use AD rights management services.

Author

Commented:
Will do. Thanks McKnife

Author

Commented:
Hi McKnife

I have checked with Microsoft and I need to purchase Windows Rights Management Services CALs. The cheapest option is Device CALs. I take it that every device on the network that connects to the fileserver will need a CAL?
Distinguished Expert 2018

Commented:
"Windows Rights Management Services CALs" - Really? Never heard of that as a single product. Ask for a price, I am interested.
Yes, every device that would use the server that has AD RMS installed would need a CAL.

Author

Commented:
Price Quoted below.    I am assuming I can down level this back to 2008 r2 but need to check on this.

Microsoft Windows Rights Mgt Services  CAL 2016 Sngl OLP 1License Device CAL     36.99 GBP  ex Vat

Do you know if this is straight forward to set up?  Do you know of any pitfalls?
Distinguished Expert 2018
Commented:
Very interesting. We were about to use ADRMS until we discovered that it wasn't covered by our CALs. Now through you I learn that this is a modular component at a price we could afford. Great.

You can setup ADRMS without many problems/pitfalls. Let me look at what I used for a how to...
It could be that I used this one: https://mizitechinfo.wordpress.com/2013/09/07/simple-guide-installing-and-configuring-ad-rms-in-windows-server-2012-r2-part-1/

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial