Encrypting network file shares to Group Keys with Symantec File Share Encryption


Article ID: 161242


Products

Symantec Products File Share Encryption File Share Encryption Powered by PGP Technology Encryption Management Server Powered by PGP Technology Encryption Management Server

Issue/Introduction

This article goes over the steps for using Symantec File Share Encryption to encrypt shares to Group Keys, which will save you a lot of time and effort. With a Group Key, you no longer need to reencrypt shares when you want to add or remove user access. All you need to do is add the users to the existing Group in Symantec Encryption Management Server, and the users will then be able to access the shares immediately, all without needing to enter a passphrase.

Group Keys are secure as well. When the user authenticates to the Encryption Server for policy, group access is determined automatically. If the user is part of an applicable group, the share is unlocked automatically whenever the user accesses it, and the keys are never stored locally, which means you don't need to worry about user key management.

 

For information on other topics for File Share Encryption, see the following articles:

155519 - Best Practices for Creating and Managing Symantec File Share Encrypted Folders
180791 - Symantec File Share Encryption Group Key FAQ's.
180789 - How do I create a new Group with a File Share Encryption Group Key on Symantec Encryption Management Server?
155582 - Adding a Group Key to an Existing Group on the Symantec Encryption Management Server

Resolution

To give all members of the consumer group access to the network drive, manually add the Group Key to the encrypted folder using the following steps.

For details on creating a Group Key, refer to the Technote.

  1. Right-click the folder and select "Reencrypt".
  2. From the "Add Users" window, select "Add".
  3. If the Group Key is already imported in the keyring, select it and click "Add"; otherwise, search for the Group Key on the PGP Key Server and "Add" it to the keys.
  4. Click "OK".
  5. On the Select Signer page, select the Signer from the drop-down (optional).
  6. Click "Next", and then "Finish".

Tip: Network drives should not be added to the whitelist in the consumer policy. If they are, the contents of the folder are encrypted to the key of the first user to receive the policy setting who has the shared folder mapped on their computer as a network drive, and no other user can access the encrypted network drive.

Related articles:

HOWTO61299: PGP NetShare Group Key FAQ's

TECH176017: Best Practices for Creating and Managing Symantec FileShare (Formerly PGP NetShare) Encrypted Folders

 

Applies To

Symantec Encryption Desktop (PGP)

Symantec Encryption Server, powered by PGP.