Location based File Encryption Policy for User Home Folders

Question

Hi. We want to single Location based file encrytion policy for user Home Folders in our file server. If we setup the encryption policy using "Personal Key", it that possible for other users to decrypt it by sharing the "Personal Key" in case they need to do so? 
 If not possible the we need to setup policy for every users with Windows AD Group key.

Funkey · Answer

Hi SK, 
 if you want to share encrypted information you should use a group key that is in every users keyring who should have access. 
 A personal key can only be assigned to another user if it has been "demoted" (this is irreversible) . In this case the initial user would get a new personal key which is then used for future encryption operations which are based on an encryption policy that has the "personal key" variable defined. 
 So for recovery scenarios where a user has for example left the company, this can be done but for standard sharing scenarios (e.g. team folders on file servers) it does not make much sense to use personal keys. 
 Hope that answers your question. 
 Cheers 
 F.

SK · Answer

Yes, I'm talking about the second scenario where the person left the company and their sucessor need to access the files. 
 Demote the Personal key allow share of it serve our purpose. And this can greatly simplfy the policy creation task for home folders. 
 Thanks.