Best Practices for Creating and Managing Symantec FileShare Encrypted Folders

book

Article ID: 155519

calendar_today

Updated On:

Products

File Share Encryption Powered by PGP Technology Encryption Management Server File Share Encryption Encryption Management Server Powered by PGP Technology

Issue/Introduction

This article provides suggested best practices for Symantec File Share Encryption (Formerly PGP NetShare).

 

For information on other topics for File Share Encryption, see the following articles:
180791 - Symantec File Share Encryption Group Key FAQ's.
180789 - How do I create a new Group with a File Share Encryption Group Key on Symantec Encryption Management Server?
155582 - Adding a Group Key to an Existing Group on the Symantec Encryption Management Server
161242 - Encrypting network file shares to Group Keys with Symantec File Share Encryption

Resolution

These best practices can help overcome issues with folders that fail to encrypt, become corrupted, or take long periods of time to finish re-encrypting.

  1. Use a File Share Encryption Group Key, which makes managing File Share folders much faster, as it will no longer have to modify all of the metadata for the encrypted files when adding or removing users to a group.

    In a Symantec Encryption Management Server managed environment, the use of Group Keys allow you to protect shared files and folders to easily add or remove group members without affecting the File Encryption metadata associated with the protected files and folders.

  2. Before encrypting, make sure the file system is scanned and defragmented on the system hosting the encrypted folder.

  3. Run the File Share encryption process from a computer other than the one used to store the encrypted folder.

  4. Try to limit the programs running on the computer doing the encryption or the one hosting the files during the encryption process (e.g., backups, virus scans).

  5. Ensure adequate resources on the server/computer hosting the Symantec File Share. As it may be an intensive process for a computer's CPU, Memory, and hard disk.

  6. Make sure that the folder permissions are set correctly to allow editing by group members and also to inherit permissions from the parent folder.

  7. Make sure that the files to be encrypted are not in use (it may be best to wait until after normal business hours before encrypting).

  8. In some cases, a folder with an extremely large amount of files in a directory may cause difficulties when attempting to encrypt the folder with FileShare Encryption.

The Group key functionality began with version 3.2.0 of PGP Universal Server and continue on with all versions of Symantec Encryption Management Server.