This article will go over the steps on how to use Symantec File Share to encrypt shares using Group Keys, which will save you a lot of time and effort. Using Group Key will mean you no longer need to reencrypt shares when you want to add or remove user access. All you need to do is add the users to the existing Group in Symantec Encryption Management Server, and the users will then be able to immediately access the shares, all without needing to enter a passphrase.
Group Keys are secure as well. When the user authenticates to the Encryption Server for policy this group access is automatically determined. If the user is part of an applicable group, whenever accessing the share is performed, the share is automatically unlocked and the keys are never stored locally, which means you don't need to worry about user key management.
For information on other topics for File Share Encryption, see the following articles:
155519 - Best Practices for Creating and Managing Symantec File Share Encrypted Folders
180791 - Symantec File Share Encryption Group Key FAQ's.
180789 - How do I create a new Group with a File Share Encryption Group Key on Symantec Encryption Management Server?
155582 - Adding a Group Key to an Existing Group on the Symantec Encryption Management Server
In order to provide access to Network drive for all the members of the consumer group, manually add the Group key to the Encrypted folder using following steps.
For details on creating Group Key refer to the PGP NetShare Group Key FAQ's
Tip: Network Drives should not be added in whitelist from consumer policy. If we do so, the content of the folder are encrypted to the key of the first user to receive the policy setting who has the shared folder mapped on their computer as a network drive, and no other user can assess the encrypted network drive.
Symantec Encryption Desktop (PGP)
Symantec Encryption Server, powered by PGP.