This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Prevent Decryption

Hi,

I´m trying to configure the following scenario:

Customer wants to garantee that a specific file share is encrypted.

That share is used by about 30 users and we need to ensure that all the files remain encrypted, even if that information is copied from that share, to a local computer. Only a few users should have the option to decrypt the information.

The client computers were installed with the file share module, (the file share - and the information contained there - was sucessfully encrypted). We have also created a "General Setting Policy" to apply "Enable persistance encryption".

With the above configuration, i can ensure that the file is encrypted on the file share, and also when we copy it from the server to a local computer (to the desktop, for example). However, when righ click on a file that was previously copied from the server to the local computer, i´ve the option to decrypt the information.

That is precisely what i need to prevent - only some users would be allowed to decrypt that information.

I tried to create a "Device Protection" Policy applied to "other volumes" (and also using the drive letter c:), with the setting "User may decrypt files" set to "No", but still i´ve the option to decrypt. 

Can anyone tell me what i´m doing wrong? 

Thanks in advance.

:40301


This thread was automatically locked due to age.
  • Good afternoon to everyone.

    Does anyone had this issue before? All my tests were unsuccessfull. Since the initial configuration, i´ve created a new Data Transfer Policy (and of course, have installed that module on the test computer) and set the policy to prevent decryption on removable media (despite i´ve tried all the available option).

    Using RSOP i see that the policies are being applied has they should, however, the behavior remains - each time that i copy some encrypted file from the file share, despite it remains encrypted (due to the persistance encryption policy), i´m able to decrypt it if i right click over that file :smileyfrustrated:

    Help please..:smileyindifferent:

    :40353
  • This is a rather old question but im running into the exact same scenario now, anyone found a solution to this yet?

     

    Best regards,

    Max.

  • Why would the users copy the data to a local area? Are you using any loopback policy?

    Device protection would not help here as that would be full disk encryption, which if you're keeping things for compliance reasons is OK that the files are allowed to be 'decrypted' as the whole disk would be encrypted (provided you made a policy for that).

    Do you have any Trusted Applications or Ignored Applications configured?

    What's RSOP show? This sounds interesting and may actually be a bug. Please provide some info here if you don't mind.