Using MS Certificate Server you can set up a full blown PKI, complete with client auto-enrollment for user certificates, EFS (encrypted file system), and PGP-like security for exchange users. Having MS's Public Key Infrastructure actually makes EFS useful as the key isn't stored on the machine that you are encrypting. It all seems like a nice solution. Although, I have only read about it and dreamt of having the time to set it up. It certainly doesn't look like a small undertaking. :) http://www.microsoft.com/windowsserver2003/technologies/pki/default.mspx If you decide to go for this or some other solution please share experience. Bryan Murphy | CISSP, MCP | IT Coordinator | MSU Plant Research Lab & Plant Biology http://infotech.prl.msu.edu On Jan 28, 2007, at 1:31 PM, Charlot, Firmin wrote: > Deploying and maintaining an enterprise solution to encrypt > targeted data (databases, files, and emails) can be cumbersome and > expensive. The ideal solution is one that does not change the > user’s behavior. On the support site it would provide an easy way > for an administrator to restore and decrypt data in case of > emergency. It would be nice if such a solution does not make a > noticeable dent in one’s budget. > > > > Back to reality! > > > > Is there anyone out there using an enterprise encryption solution > and if so would you mind sharing about your setup? > > > > Thanks. > > > > > > Firmin Charlot, MCSE, A+ > > Information Systems Manager > > Educational and Support Services > > 162 Student Services Building > > East Lansing, MI 48824 > > [log in to unmask] > > (517) 432-7541 > > > > Bryan Murphy | CISSP, MCP | IT Coordinator | MSU Plant Research Lab & Plant Biology http://infotech.prl.msu.edu