Good afternoon.
How do i go about encrypting at the folder level?
We don't want to encrypt the entire volume and i can't see where in the policies to configure it.
Thanks
Rich
This thread was automatically locked due to age.
You can use File Share to encrypt specific folders. File share encrypts files written to a specific location with a specific key - as specified in a policy. The folder itself doesnt need to be at a remote location - when you specify the path you can use a local drive including the boot drive. Just make sure your not encrypting any System or Safegaurd files.
When encrypted files are removed from the location in the policy they remain encrypted until a user with the key specificly asks for them to be decrypted. The files even have a key icon on the thumbnail to tell you the state of the encryption.
In your example if both the sender of the email and the recipient had File Share installed they yould encrypt the file before sending it and decrypt it once they recieve it.
The file share feature needs to be installed on the device you want encrypted, then a policy needs to be created and tied to the devices you want encrypted.
If you open the management center and click on Policies, right click on Policy items and then click New > File Encryption.
Name the policy to whatever you want and then click on "Path" and enter the paths for the folders you want to encrypt. You can specify as many as you want. You can also exclude certain sub folders by typing the path for the folder and changing the "Mode" to exclude.
Under key select what key you want to encrypt the data with. This will probably be the most important step as it controls who can access the data. If you just the logged on user to encrypt the data you can select "personal Key" or if you want multiple users to access the data you can use a key for a group or OU. All members of the Group and OU will have access to that key so can decrypt the data.
Once your happy with the policy, save it and then go to Users and Computers, select the domain, group or OU you want to apply it to and select the "policy" tab. Drag your newly created policy to the top pannel and then drag the OU. Group or domain to the bottom screen. Make sure you remove .Authenticated Users and .Authenticated Computers - otherwise the policy will be applied to EVERY computer and user managed by the management center.
We have used it in our organisation and its been quite successful.
You can find more information on page 169 in this guide: http://www.sophos.com/en-us/medialibrary/PDFs/documentation/sgn_61_h_eng_admin_help.pdf?la=en
You can use File Share to encrypt specific folders. File share encrypts files written to a specific location with a specific key - as specified in a policy. The folder itself doesnt need to be at a remote location - when you specify the path you can use a local drive including the boot drive. Just make sure your not encrypting any System or Safegaurd files.
When encrypted files are removed from the location in the policy they remain encrypted until a user with the key specificly asks for them to be decrypted. The files even have a key icon on the thumbnail to tell you the state of the encryption.
In your example if both the sender of the email and the recipient had File Share installed they yould encrypt the file before sending it and decrypt it once they recieve it.
The file share feature needs to be installed on the device you want encrypted, then a policy needs to be created and tied to the devices you want encrypted.
If you open the management center and click on Policies, right click on Policy items and then click New > File Encryption.
Name the policy to whatever you want and then click on "Path" and enter the paths for the folders you want to encrypt. You can specify as many as you want. You can also exclude certain sub folders by typing the path for the folder and changing the "Mode" to exclude.
Under key select what key you want to encrypt the data with. This will probably be the most important step as it controls who can access the data. If you just the logged on user to encrypt the data you can select "personal Key" or if you want multiple users to access the data you can use a key for a group or OU. All members of the Group and OU will have access to that key so can decrypt the data.
Once your happy with the policy, save it and then go to Users and Computers, select the domain, group or OU you want to apply it to and select the "policy" tab. Drag your newly created policy to the top pannel and then drag the OU. Group or domain to the bottom screen. Make sure you remove .Authenticated Users and .Authenticated Computers - otherwise the policy will be applied to EVERY computer and user managed by the management center.
We have used it in our organisation and its been quite successful.
You can find more information on page 169 in this guide: http://www.sophos.com/en-us/medialibrary/PDFs/documentation/sgn_61_h_eng_admin_help.pdf?la=en
