Using encryption on file and database servers on a windows network with a server 2008 r2 functional level.

I was looking at encrypting data stored on file and database servers on a windows network. [functional level 2008r2] Does anybody know if using windows encryption is a good option or is there other encryption solutions that are easier and more efficient  to implement?
rabpwh1000Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ITSysTechSenior Systems AdministratorCommented:
Take a look at this post. Encrypting passwords – What’s the point? It discusses the same type of issues you mentioned.
McKnifeCommented:
You need to describe what exact scenario you are protecting against. Only after knowing the scenario, this can be answered.
McKnifeCommented:
rabpwh1000, without your feedback, there will be no progress. Please return :-)
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

rabpwh1000Author Commented:
Sorry for the delayed reply, I have been on holiday.  I was looking at encrypting some directories on our windows fileserver that contain confidential data. I thought if I encrypted those it would add some security.
McKnifeCommented:
And what scenario should be protected against?
rabpwh1000Author Commented:
Hi McKnife

I was hoping to have some way of rendering the data useless if it was copied out of the network by some means
McKnifeCommented:
Aha. So what your are at is data leakage prevention. You would like to prevent that people who are entitled to view the data will take the data of premises. That would need some technology like active directory rights management services.
Please note:
ADRMS is a feature of windows server in the standard edition and not that hard to setup, however, it requires enterprise CALs. Do you have those?
rabpwh1000Author Commented:
I only have windows standard edition so I expect I don't have enterprise CALs. How would I identify these?
McKnifeCommented:
Ask your accountants or look it up in your own "housekeeping" :-|
CALs are not something that is present digitally anywhere but rather just a contract.

To point you to what you are looking for: see this link to get an idea about user CALs, Core CAL suite vs enterprise CAL suite: https://download.microsoft.com/download/3/d/4/3d42bdc2-6725-4b29-b75a-a5b04179958b/licensing_core_cal_and_enterprise_suite.pdf
rabpwh1000Author Commented:
Hi

I was looking in my Microsoft Licensing Service Centre  and all I can see is Windows Server Device Cals. I don't see any user Cals.  Does this make any sense?
McKnifeCommented:
The CAL concept was revised by Microsoft some years ago, I am not sure what kind of CALs you might have and if these even belong to a comparable suite, sorry. Device CALs can be bought as part of a core CAL suite/ enterprise CAL suite as well, they would license per computer and not per user.

You will have to look that up.
rabpwh1000Author Commented:
I will try and contact Microsoft to see what the licensing arrangements were when we bought these.
McKnifeCommented:
That's sensible. Ask them if you are entitled to use AD rights management services.
rabpwh1000Author Commented:
Will do. Thanks McKnife
rabpwh1000Author Commented:
Hi McKnife

I have checked with Microsoft and I need to purchase Windows Rights Management Services CALs. The cheapest option is Device CALs. I take it that every device on the network that connects to the fileserver will need a CAL?
McKnifeCommented:
"Windows Rights Management Services CALs" - Really? Never heard of that as a single product. Ask for a price, I am interested.
Yes, every device that would use the server that has AD RMS installed would need a CAL.
rabpwh1000Author Commented:
Price Quoted below.    I am assuming I can down level this back to 2008 r2 but need to check on this.

Microsoft Windows Rights Mgt Services  CAL 2016 Sngl OLP 1License Device CAL     36.99 GBP  ex Vat

Do you know if this is straight forward to set up?  Do you know of any pitfalls?
McKnifeCommented:
Very interesting. We were about to use ADRMS until we discovered that it wasn't covered by our CALs. Now through you I learn that this is a modular component at a price we could afford. Great.

You can setup ADRMS without many problems/pitfalls. Let me look at what I used for a how to...
It could be that I used this one: https://mizitechinfo.wordpress.com/2013/09/07/simple-guide-installing-and-configuring-ad-rms-in-windows-server-2012-r2-part-1/

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Encryption

From novice to tech pro — start learning today.