Using MS Certificate Server you can set up a full blown PKI,  complete with client auto-enrollment for user certificates, EFS (encrypted file system), and PGP-like security for exchange users.

Having MS's Public Key Infrastructure actually makes EFS useful as the key isn't stored on the machine that you are encrypting.

It all seems like a nice solution.  Although, I have only read about it and dreamt of having the time to set it up.  It certainly doesn't look like a small undertaking. :)

http://www.microsoft.com/windowsserver2003/technologies/pki/default.mspx

If you decide to go for this or some other solution please share experience.  

Bryan Murphy | CISSP, MCP |
IT Coordinator | MSU Plant Research Lab & Plant Biology
http://infotech.prl.msu.edu


On Jan 28, 2007, at 1:31 PM, Charlot, Firmin wrote:

Deploying and maintaining an enterprise solution to encrypt targeted data (databases, files, and emails) can be cumbersome and expensive.  The ideal solution is one that does not change the user’s behavior.  On the support site it would provide an easy way for an administrator to restore and decrypt data in case of emergency.  It would be nice if such a solution does not make a noticeable dent in one’s budget.

 

Back to reality!

 

Is there anyone out there using an enterprise encryption solution and if so would you mind sharing about your setup?

 

Thanks.

 

 

Firmin Charlot, MCSE, A+

Information Systems Manager

Educational and Support Services

162 Student Services Building

East Lansing, MI 48824

[log in to unmask]

(517) 432-7541

 



Bryan Murphy | CISSP, MCP |
IT Coordinator | MSU Plant Research Lab & Plant Biology
http://infotech.prl.msu.edu