This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Prevent Decryption

Hi,

I´m trying to configure the following scenario:

Customer wants to garantee that a specific file share is encrypted.

That share is used by about 30 users and we need to ensure that all the files remain encrypted, even if that information is copied from that share, to a local computer. Only a few users should have the option to decrypt the information.

The client computers were installed with the file share module, (the file share - and the information contained there - was sucessfully encrypted). We have also created a "General Setting Policy" to apply "Enable persistance encryption".

With the above configuration, i can ensure that the file is encrypted on the file share, and also when we copy it from the server to a local computer (to the desktop, for example). However, when righ click on a file that was previously copied from the server to the local computer, i´ve the option to decrypt the information.

That is precisely what i need to prevent - only some users would be allowed to decrypt that information.

I tried to create a "Device Protection" Policy applied to "other volumes" (and also using the drive letter c:), with the setting "User may decrypt files" set to "No", but still i´ve the option to decrypt. 

Can anyone tell me what i´m doing wrong? 

Thanks in advance.

:40301


This thread was automatically locked due to age.
Parents
  • Why would the users copy the data to a local area? Are you using any loopback policy?

    Device protection would not help here as that would be full disk encryption, which if you're keeping things for compliance reasons is OK that the files are allowed to be 'decrypted' as the whole disk would be encrypted (provided you made a policy for that).

    Do you have any Trusted Applications or Ignored Applications configured?

    What's RSOP show? This sounds interesting and may actually be a bug. Please provide some info here if you don't mind.

Reply
  • Why would the users copy the data to a local area? Are you using any loopback policy?

    Device protection would not help here as that would be full disk encryption, which if you're keeping things for compliance reasons is OK that the files are allowed to be 'decrypted' as the whole disk would be encrypted (provided you made a policy for that).

    Do you have any Trusted Applications or Ignored Applications configured?

    What's RSOP show? This sounds interesting and may actually be a bug. Please provide some info here if you don't mind.

Children
No Data