Sean, A magic decoder ring does sound good. Where did you get yours? (grin) Thanks for your questions. Here is what I am trying to do: 1. Encrypt a folder on a shared drive. 2. Give users (based on group membership) access to the encrypted share without changing their behavior i.e. no prompts for password and no need to encrypt added files and subfolders, etc. 3. Give administrators (based on group membership) access to be able to decrypt in an emergency. 4. If data is copied to a USB drive, it remains encrypted (great for mobile users) PGP seems to have a way to do all of the above using PGP Desktop Storage and PGP Universal Server but these are expensive. Looking for alternatives. Firm. -----Original Message----- From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Sean O'Malley Sent: Monday, January 29, 2007 11:13 AM To: [log in to unmask] Subject: Re: [MSUNAG] End-to-End Encryption A magic decoder ring, helps.I got mine in a box of lucky charms. =-) It is pretty easy to implement an encrypted filesystem and use encrypted transmission protocols ssl/tls, kerberos, etc. nowadays. But given that you want the administrator to easily be able to decrypt the data, you are also looking at potential for "hackers" to also easily be able to decrypt the data thus defeating your own purpose. Is there something specific you are interested in implementing first? It is a multi-step, multi-layer process. Pick a starting point. The first is usually, either network, or server security. -------------------------------------- Sean O'Malley, Information Technologist Michigan State University ------------------------------------- ________________________________________ From: Charlot, Firmin Sent: Sunday, January 28, 2007 1:31 PM To: [log in to unmask] Subject: End-to-End Encryption Deploying and maintaining an enterprise solution to encrypt targeted data (databases, files, and emails) can be cumbersome and expensive. The ideal solution is one that does not change the user's behavior. On the support site it would provide an easy way for an administrator to restore and decrypt data in case of emergency. It would be nice if such a solution does not make a noticeable dent in one's budget. Back to reality! Is there anyone out there using an enterprise encryption solution and if so would you mind sharing about your setup? Thanks. Firmin Charlot, MCSE, A+ Information Systems Manager Educational and Support Services 162 Student Services Building East Lansing, MI 48824 [log in to unmask] (517) 432-7541