to download - Secure Support - SafeNet

More documents

Recommendations

Info

Chapter 4AdministrationSleeping Domains/EnvelopesDuring startup, ProtectFile reads the tag file of all registered domains/envelopes.Sometimes this is not possible (for example, the CD with the domain/envelope isnot inserted or the server hosting a domain/envelope is not available). Suchdomains/envelopes are called ―sleeping domains/envelopes.‖ They are marked asAsleep in the View Domains/Envelopes dialog.Typically, their existence is of no importance, as the corresponding files are notavailable. However, it may happen that a sleeping domain/envelope becomesavailable later on (for example, the CD is inserted or the network server isrestarted). In this case, ProtectFile offers the possibility of waking thesedomains/envelopes. In order to do so, the user has to click on the ProtectFile icon inthe task bar.Nested Domains/EnvelopesIt is not possible to define a domain/envelope inside an existing domain/envelope.NTFS CompressionThe NTFS compression attribute and the encryption are not compatible with oneanother. Compressed files should not be encrypted, and encrypted files shouldtherefore not be compressed in order to avoid file corruption.Renaming Envelope Root FolderEnvelope folder structure consists of a root (top-level) folder and all of itssubfolders. Renaming an envelope‘s root folder is not supported by ProtectFile, butrenaming all subsequent subfolders is permitted.Using a New Token with a Newly Issued CertificateLogging on to ProtectFile Premium MSPKI using a new token/smartcard with anew certificate on it may result in an error. This is due to the fact that ProtectFilewill still be looking for the private key associated with the previously used (―old‖)certificate located on the previously used (―old‖) token/smartcard.To circumvent this scenario, the user must initially log on to ProtectFile with the―old‖ token to allow ProtectFile to query the server for the new certificate anddecrypt the existing configuration (and then re-encrypt it) using the new certificate.Incidentally, the user may experience a log on error while using this method. Theuser must then log on again using the new token/smartcard. The user will not beable to access registered envelopes (or get their content in plain text form) untilthese envelopes get administered and, therefore, encrypted with the new public key.38 © SafeNet, Inc.
Adding/Deleting EnvelopesChapter 4AdministrationThe proper method of adding or deleting envelopes is to do it while they are online.Adding or deleting offline envelopes may lead to unpredictable or erroneousresults.Deregistering Assigned DomainsProtectFile does not currently distinguish between assigned domains with a randomkey created on the client side and domains from a transport operation. There is noway to re-register an assigned domain once it has been de-registered.PATH Length LimitationAny path entered at any time into ProtectFile must be less than 260 characters.Supported DFS ConfigurationsIn Version 3.3.2 and higher, ProtectFile domains and envelopes can now belogically grouped for easy access within a DFS (Distributed File System) networkenvironment.With DFS, administrators can create a virtual organization, called a DFS tree ornamespace, which consists of shared directories and folders that are physicallylocated on different computers on the network. For example, an administrator cancreate a single namespace for commonly accessed corporate documents called\\myCompany.com\2006\Sales that maps to physical resources residing on multipleservers.To connect to a DFS tree, the server and client computers must be configured tosupport DFS. Users connect to the root of the tree using any standard method ofaccessing shared folders and then browse it to find the child node they want toaccess. Once connected, from a user‘s point of view, the DFS tree will appear to bea single hierarchy of folders, located on a single server.DFS does not add any additional access control to the shared folders it manages. Ifa user has suitable permission to access a shared folder on the network, he canaccess it through a DFS tree.© SafeNet, Inc. 39
Page 5: Table of ContentsChapter 7 Registry
Page 8 and 9: Chapter 1IntroductionSecurity Overv
Page 10 and 11: Chapter 1IntroductionFigure 3: Exam
Page 12 and 13: Chapter 1IntroductionTHIS PAGE INTE
Page 14 and 15: Chapter 2InstallationProtectFile Pr
Page 16 and 17: Chapter 2Installation4. Fill in the
Page 18 and 19: Chapter 2Installation5. Select your
Page 20 and 21: Chapter 2Installation7. If you are
Page 22 and 23: Chapter 2Installation‣ Log in as
Page 24 and 25: Chapter 2InstallationEnter the loca
Page 26 and 27: Chapter 2InstallationStarting Prote
Page 28 and 29: Chapter 2InstallationUninstalling/U
Page 30 and 31: Chapter 2InstallationTHIS PAGE INTE
Page 32 and 33: Chapter 3Authentication MethodsPass
Page 34 and 35: Chapter 3Authentication MethodsWork
Page 36 and 37: Chapter 4AdministrationNOTEThe Show
Page 38 and 39: Chapter 4AdministrationUpdating You
Page 40 and 41: Chapter 4Administration3. Click Sav
Page 42 and 43: Chapter 4AdministrationBacking Up F
Page 46 and 47: Chapter 4AdministrationReference Ma
Page 48 and 49: Chapter 4AdministrationStand Alone
Page 50 and 51: Chapter 4AdministrationTHIS PAGE IN
Page 52 and 53: Chapter 5Advanced Domain Configurat
Page 54 and 55: Chapter 6Envelope Control Via Scrip
Page 66 and 67: Chapter 7Registry SettingsSample Re
Page 68 and 69: Chapter 7Registry SettingsCSP Regis
Page 70 and 71: Chapter 7Registry SettingsAs a seco
Page 72 and 73: Chapter 7Registry SettingsGINA Regi
Page 74 and 75: Chapter 7Registry SettingsMigration
Page 76 and 77: Chapter 7Registry SettingsMS PKI Co
Page 78 and 79: Chapter 7Registry SettingsThe follo
Page 80 and 81: Chapter 7Registry SettingsLdapUser
Page 82 and 83: Chapter 7Registry SettingsThe searc
Page 84 and 85: Chapter 7Registry SettingsPolicy Re
Page 86 and 87: Chapter 7Registry SettingsValue Dat
Page 88 and 89: Chapter 7Registry SettingsThree (3)
Page 90 and 91: Chapter 7Registry SettingsDNEmailAt
Page 92 and 93: Chapter 7Registry SettingsRemoveEnv
Page 94 and 95:
Chapter 7Registry SettingsDriver Re
Page 96 and 97:
Chapter 7Registry SettingsDisallowI
Page 98 and 99:
Chapter 7Registry SettingsThe DSA k
Page 100 and 101:
Chapter 7Registry SettingsADS_USE_E
Page 102 and 103:
Chapter 7Registry SettingsKey: HKLM
Page 104 and 105:
Chapter 7Registry SettingsKey: HKLM
Page 106 and 107:
Chapter 7Registry SettingsExample
Page 108 and 109:
Chapter 8Server ExtensionTHIS PAGE
Page 110 and 111:
Chapter 9Silent InstallationDefault
Page 112 and 113:
Silent Install.PasswordCSPMicrosoft
Page 114 and 115:
Silent Install.PasswordCSPMicrosoft
Page 116 and 117:
Chapter 9Silent InstallationTHIS PA
Page 118 and 119:
GlossaryDomain Administration Keyph
Page 120 and 121:
GlossaryUser PasswordWindows Regist
Page 122:
Appendix AProtectFile Scripting Exa
show all

to download - Secure Support - SafeNet

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?