- In the task you will configure a multi-key synchronized encryption policy and test its operation.
- We will configure a multi-key synchronized encryption policy. The policy will use a relative path named VACIF STAFF that is encrypted using a key that is only accessible to VACIF STAFF menber.
What to do
- You must install SafeGuard Server on DC, SafeGuard Client on Client 1-2-3.
- You can see instruction here :
- Install SafeGuard Server.
- Install SafeGuard client with Application Base.
On DC – SafeGuard Server
- Firstly, we will create 2 OU with name is VACIF STAFF and VACIF MANAGER.
- Set up user Micheal and Vincent belong to VACIF STAFF OU.
- Set up user Zee belong to VACIF MANAGER OU.
- We will create Share folder and share it with full control for everone.
- Open SafeGuard Management Center and login with your password.
- Then click Users and Computers > choose Root in the tree view > Synchronize tab .
- In Directory choose DC = VACIF,DC=COM and click Magnifying.
- In the table, tick VACIF STAFF and VACIF MANAGER and then click Synchronize.
- Next to click Policies, right-click Policy Items > New > File Encryption.
- Name the policy File Encryption.
- Fill in the information as shown below and click Save.
- To apply policy, click Users and Computer > VACIF.COM > VACIF STAFF > Policies tab.
- Drag and drop File Encryption policy from Available pane to Policies tab pane and then click Save.
On Client 1 (user Micheal)
- Double-click SafeGuard icon to receive created policy earlier.
- Press Alt + R > fill in the column IP address \\192.168.100.1 (Server’s IP address).
- File explorer appears, double-clickShare folder.
- On Share folder, create VACIF STAFF folder and double-click it.
- On VACIF STAFF folder, right-click choose New > Microsoft Document Word.
- Name the file Test.
- Open Test file and fill in ‘This is OU VACIF STAFF’s file’ and then click Save.
- At this time, Test file is encrypted with key OU_VACIF STAFF@DC = VACIF,DC=COM.
- To check key, right-click Test file > SafeGuard File Encryption > Show encryption state.
On client 2 (user Vincent)
- Press Alt+R and fill in \\192.168.1.100.
- File explorer appears, double-click Share folder > Double click VACIF STAFF folder.
- Open Test file.
- Although the file is encrypted, user Vincent can still read write Test file because user Vincent in the VACIF STAFF OU.
- Drag and Drop Test file from VACIF STAFF folder to Desktop.
- Right-click Test file > SafeGuard File Encryption > Show encryption state.
- At this time, Test file is encrypted with key ‘Root_Synchronized_Encryption@SGN’ because The Root Synchronized encryption key applies to <Everywhere> as was seen in SafeGuard Management Center > Policies > File Encryption Pane.
- Drag Test file back from the Desktop into the VACIF STAFF folder in FIle Explorer.
- This will re-encrypt the file with OU_VACIF STAFF key.
On Client 3 (User Zee)
- Press Atl+R and fill in \\192.168.100.
- File explorer appears, double-click Share folder > double-click VACIF STAFF folder.
- Try to open Test file but we don’t see it content because user Zee is in the VACIF MANAGER, is not in the VACIF STAFF.