Using encryption on file and database servers on a windows network with a server 2008 r2 functional level.

Take a look at this post. Encrypting passwords – What’s the point? It discusses the same type of issues you mentioned.

You need to describe what exact scenario you are protecting against. Only after knowing the scenario, this can be answered.

rabpwh1000, without your feedback, there will be no progress. Please return :-)

Sorry for the delayed reply, I have been on holiday.  I was looking at encrypting some directories on our windows fileserver that contain confidential data. I thought if I encrypted those it would add some security.

And what scenario should be protected against?

Hi McKnife

I was hoping to have some way of rendering the data useless if it was copied out of the network by some means

Aha. So what your are at is data leakage prevention. You would like to prevent that people who are entitled to view the data will take the data of premises. That would need some technology like active directory rights management services.
Please note:
ADRMS is a feature of windows server in the standard edition and not that hard to setup, however, it requires enterprise CALs. Do you have those?

I only have windows standard edition so I expect I don't have enterprise CALs. How would I identify these?

Ask your accountants or look it up in your own "housekeeping" :-|
CALs are not something that is present digitally anywhere but rather just a contract.

To point you to what you are looking for: see this link to get an idea about user CALs, Core CAL suite vs enterprise CAL suite: https://download.microsoft.com/download/3/d/4/3d42bdc2-6725-4b29-b75a-a5b04179958b/licensing_core_cal_and_enterprise_suite.pdf

Hi

I was looking in my Microsoft Licensing Service Centre  and all I can see is Windows Server Device Cals. I don't see any user Cals.  Does this make any sense?

The CAL concept was revised by Microsoft some years ago, I am not sure what kind of CALs you might have and if these even belong to a comparable suite, sorry. Device CALs can be bought as part of a core CAL suite/ enterprise CAL suite as well, they would license per computer and not per user.

You will have to look that up.

I will try and contact Microsoft to see what the licensing arrangements were when we bought these.

That's sensible. Ask them if you are entitled to use AD rights management services.

Will do. Thanks McKnife

Hi McKnife

I have checked with Microsoft and I need to purchase Windows Rights Management Services CALs. The cheapest option is Device CALs. I take it that every device on the network that connects to the fileserver will need a CAL?

"Windows Rights Management Services CALs" - Really? Never heard of that as a single product. Ask for a price, I am interested.
Yes, every device that would use the server that has AD RMS installed would need a CAL.

Price Quoted below.    I am assuming I can down level this back to 2008 r2 but need to check on this.

Microsoft Windows Rights Mgt Services  CAL 2016 Sngl OLP 1License Device CAL     36.99 GBP  ex Vat

Do you know if this is straight forward to set up?  Do you know of any pitfalls?