How do I create a New Group with a File Share Encryption Group Key on Symantec Encryption Management Server?

Article ID: 180789

Products

Symantec Products, File Share Encryption, File Share Encryption Powered by PGP Technology, Encryption Management Server, Encryption Management Server Powered by PGP Technology

Issue/Introduction

How do I create a New Group with a File Share Encryption Group Key on Symantec Encryption Management Server?

 

For information on other topics for File Share Encryption, see the following articles:
155519 - Best Practices for Creating and Managing Symantec FileShare Encrypted Folders
180791 - Symantec File Share Encryption Group Key FAQ's.
155582 - Adding a Group Key to an Existing Group on the Symantec Encryption Management Server
161242 - Encrypting network file shares to Group Keys with Symantec File Share Encryption

Resolution

Creating a New Group with a Group Key

To create a new group with a group key

  1. Log in to the Symantec Encryption Management Server admin interface, and click on Consumers.
  2. On the Groups page, click Add Group. The Groups Settings: Add Group page appears.


  3. On the General subtab, type in a Group Name and Description.
  4. To apply a consumer policy to members of this group, select Apply Consumer Policy to members of this group, and choose a consumer policy from the drop-down menu.
  5. To add a group key to this group, click Generate to create a new group key or Import to import an existing keypair as the group key.

    When you click Generate, a new group key will be created using the current default settings for a group key.

    When you click Import, the Import Key page appears. Select a key file or paste a key block, enter the passphrase of the private key, then click Import.

  6. On the Membership subtab, enable Match Consumers Via Directory Synchronization.
  7. For LDAP Directory, select the appropriate LDAP directory from the drop-down menu.
  8. Select If all of the following apply, then enter "memberOf" without the quotes in the Attribute field. In the Value field, enter the Distinguished Name (DN) of the appropriate Active Directory security group.


  9. Click Save to create the group.
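Before saving a memberOf rule like the one in step 8, it helps to preview which directory users it selects. The following is an added example, not part of the original article or of Symantec's code: it assumes the rule is compared against the values of each user's memberOf attribute (which in Active Directory lists direct group memberships only), and every DN and entry in it is constructed sample data.

```python
import re

# Constructed sample directory (not real data): DN -> entry type and memberOf values.
GROUP = "CN=FS-Finance,OU=Groups,DC=example,DC=com"
NESTED = "CN=FS-Contractors,OU=Groups,DC=example,DC=com"
ALICE = "CN=Alice Ng,OU=Users,DC=example,DC=com"
BOB = "CN=Smith\\, Bob,OU=Users,DC=example,DC=com"
CAROL = "CN=Carol Diaz,OU=Users,DC=example,DC=com"
DIRECTORY = {
    GROUP: {"type": "group", "memberOf": []},
    NESTED: {"type": "group", "memberOf": [GROUP]},
    ALICE: {"type": "user", "memberOf": ["cn=fs-finance,ou=groups,dc=example,dc=com"]},
    BOB: {"type": "user", "memberOf": [NESTED]},
    CAROL: {"type": "user", "memberOf": ["CN=HR,OU=Groups,DC=example,DC=com"]},
}

def norm_dn(dn):
    """Fold case and trim spaces around RDNs; split only on unescaped commas."""
    return ",".join(p.strip().lower() for p in re.split(r"(?<!\\),", dn))

def direct_matches(entries, group_dn):
    """Users whose memberOf values include group_dn (assumed rule comparison)."""
    target = norm_dn(group_dn)
    return sorted(dn for dn, e in entries.items()
                  if e["type"] == "user" and target in map(norm_dn, e["memberOf"]))

def nested_only(entries, group_dn):
    """Users who reach group_dn only via another group, so memberOf lacks its DN."""
    target = norm_dn(group_dn)
    index = {norm_dn(dn): e for dn, e in entries.items()}

    def reaches(dn, seen):
        for parent in map(norm_dn, index.get(dn, {"memberOf": []})["memberOf"]):
            if parent == target:
                return True
            if parent not in seen:
                seen.add(parent)
                if reaches(parent, seen):
                    return True
        return False

    direct = set(direct_matches(entries, group_dn))
    return sorted(dn for dn, e in entries.items() if e["type"] == "user"
                  and dn not in direct and reaches(norm_dn(dn), set()))

if __name__ == "__main__":
    print("matched by rule:", direct_matches(DIRECTORY, GROUP))
    print("nested only, review:", nested_only(DIRECTORY, GROUP))
```

Users reported as nested-only belong to the security group indirectly and do not carry its DN in memberOf, so review them separately when deciding who should receive access to the share.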

Note: To quickly create a new group from an Active Directory security group with an automatically generated group key, go to Keys > Managed Keys, click on the Generate AD Group Keys button, and follow the on-screen instructions.

 

Additionally, if you would like to add specific users to the groups without using Active Directory logic, you can add members to groups manually.

  1. Once your group is created and you have clicked Save, you will be at the Group page. Click View next to Users.
  2. Next, click Add Users, type in the name of the user in question, and click Save.
  3. You will then see the user added to the group manually, and this will give them access to the share.
  4. You can add any other users who may need access to the share.
  5. Once you have saved the groups, you will be able to see the overview details, and the double-key icon to the right indicates that a File Share Group Key has been added to the share.
