How to build secure storage for an organization's information resources and user data on the corporate network?
To reliably protect users' personal data and profiles on Microsoft Windows 2000 Server and Windows Server 2003, the administrator can use Folder Redirection together with roaming profiles for the user's environment settings.
Using Active Directory and Group Policy, the administrator can redirect the following folders:
- Application Data (the user's program settings and environment, additional modules);
- the "My Documents" and "Desktop" folders;
- the "Start Menu" folder.
You may also create roaming profiles (C:\Documents and Settings\USERNAME) and store them on a server disk.
Using Folder Redirection and roaming profiles has the following advantages:
- easy data access;
- simpler data backup;
- the possibility of using shared ("unnamed") computers in organizations with a well-developed central management structure;
- the ability to transparently encrypt the data stored on the server.
The following paragraphs describe how user data can be encrypted on the servers.
As an example we use an organization with a Windows Server 2003 domain controller and a file server with Atlansys Server installed (user files may also be stored on the domain controller itself).
First, create an encrypted disk on which the files will be stored. In the Atlansys Server console open the "Keys Registry" section and click the "Create" button. In the window that opens, enter the key parameters and password, then click "Create" and generate the random data.
Then copy the key to removable media and keep this backup in a secure place. Once the key is created, move on to the next phase, creating an encrypted disk.
In the hierarchical list select "Drives" and click the "Create" button on the toolbar. In the protected disk creation wizard specify the following parameters:
- Placement (the partition to encrypt);
- Description (a description of the encrypted partition);
- Disk (the drive letter on which the partition will be mounted).
After completing the fields proceed to the next step, where you will be asked to choose a key for encryption. Select the previously created key. Then select the file system type and cluster size and click "Create". If the key is not loaded, a window for entering its password will appear.
Once the disk is created, it is automatically formatted with the selected file system and mounted on the corresponding drive letter.
The next step is to create the folder structure for storing user data. There are several possible structures, e.g. documents and files in a separate folder for each user, shared desktops and "Start Menu" folders, etc. Here we consider a structure consisting of folders named after each user, each containing all of that user's data and documents.
On the encrypted disk create the folder "UserFiles". Inside it the folders USERNAME\Documents, USERNAME\Desktop, etc. will be created automatically.
Grant write access on this folder and share it for the user group that will be used for the redirection policy (FoldRedirUsers).
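The following script is an added example and is not part of the original article or of Atlansys Server. It creates the "UserFiles" root on the encrypted disk with a least-privilege NTFS ACL instead of plain write access for everyone: members of FoldRedirUsers can only list the root and create their own subfolder, CREATOR OWNER makes each user the owner of the folder created for them at first logon, and SYSTEM and Administrators keep full control for backup and administration. It assumes the Atlansys disk is mounted as E:, the domain NetBIOS name is CORP, and a server with the SmbShare module (Windows Server 2012 or later); the drive letter, domain name and share name are placeholders to adjust.

```powershell
# Added example (not from the original article): least-privilege root for folder
# redirection on the encrypted disk, plus the SMB share.
# Assumptions: disk mounted as E:, domain NetBIOS name CORP, group CORP\FoldRedirUsers.

$Root      = 'E:\UserFiles'            # assumption: Atlansys disk mounted as E:
$ShareName = 'UserFiles'
$UserGroup = 'CORP\FoldRedirUsers'     # assumption: domain NetBIOS name CORP

New-Item -Path $Root -ItemType Directory -Force | Out-Null

$acl = Get-Acl -Path $Root
# Drop inherited ACEs so that "Users" inherited from the volume root cannot
# browse the redirection root; the ACL below is then the complete picture.
$acl.SetAccessRuleProtection($true, $false)

# Helper: build one ACE. Inheritance flags decide whether it applies to this
# folder only or also flows down into the per-user subfolders.
function New-Ace {
    param(
        [string]$Identity,
        [System.Security.AccessControl.FileSystemRights]$Rights,
        [System.Security.AccessControl.InheritanceFlags]$Inherit,
        [System.Security.AccessControl.PropagationFlags]$Propagate
    )
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, $Rights, $Inherit, $Propagate,
        [System.Security.AccessControl.AccessControlType]::Allow)
}

$subAndFiles = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$none        = [System.Security.AccessControl.InheritanceFlags]::None
$noProp      = [System.Security.AccessControl.PropagationFlags]::None
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# SYSTEM and local Administrators: full control on the root and everything below
# (needed for backup agents and for administrators to service the share).
$acl.AddAccessRule((New-Ace 'NT AUTHORITY\SYSTEM'    FullControl $subAndFiles $noProp))
$acl.AddAccessRule((New-Ace 'BUILTIN\Administrators' FullControl $subAndFiles $noProp))

# CREATOR OWNER: whoever creates a subfolder (the user, at first logon) becomes
# its owner with full control. InheritOnly keeps this ACE off the root itself.
$acl.AddAccessRule((New-Ace 'CREATOR OWNER' FullControl $subAndFiles $inheritOnly))

# Redirected users: list the root and create their own folder, "this folder
# only", so they receive no rights inside other users' folders.
$userRights = [System.Security.AccessControl.FileSystemRights]'ListDirectory, CreateDirectories, ReadAttributes, Traverse'
$acl.AddAccessRule((New-Ace $UserGroup $userRights $none $noProp))

Set-Acl -Path $Root -AclObject $acl

# Share the root. Share permissions are kept broad; the NTFS ACL above is what
# actually separates one user's data from another's.
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $Root -FullAccess $UserGroup, 'BUILTIN\Administrators' | Out-Null
}

# Check: show the resulting ACEs so they can be compared with the intent above.
(Get-Acl -Path $Root).Access |
    Select-Object IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags |
    Format-Table -AutoSize
```

Run it once as an administrator on the file server before the policy is applied. The point of the "this folder only" ACE for the group is that a user who can list \\Server01\UserFiles still cannot open another user's Documents or Desktop folder, because those folders are owned by their creator and carry no ACE for FoldRedirUsers.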
Next, configure the user accounts to use a roaming profile and specify its path. In Active Directory Users and Computers select the users, right-click and open Properties.
On the Profile tab select the "Profile path" checkbox and specify the roaming profile location, in our case \\Server01\UserFiles\%username%\profile (where Server01 is the name of the server with the encrypted disk).
To enable folder redirection use Group Policy: create a new Group Policy Object FoldRedirUsers_GPO and scope it to the FoldRedirUsers group. Open the policy for editing.
In the section "User Configuration - Windows Settings - Folder Redirection" set the necessary parameters for each folder type, such as:
- For Application Data: Setting "Advanced" (specify locations for different user groups), "Security Group Membership" "Add". Choose the FoldRedirUsers group; under "Target folder location" select "Create a folder for each user" and set "Root Path" to \\Server01\UserFiles\%username%\appdata.
- For the remaining folders proceed the same way but with other root paths: \\Server01\UserFiles\%username%\Documents for "My Documents", \\Server01\UserFiles\%username%\Desktop for "Desktop", and \\Server01\UserFiles\%username%\startmenu for "Start Menu".
- Other parameters may be left at their defaults.
Finally, apply the created Group Policy Object.
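The script below is an added example, not part of the original article, that automates the account and policy steps above for a newer domain with the ActiveDirectory and GroupPolicy PowerShell modules: it sets the roaming profile path on every member of FoldRedirUsers, creates FoldRedirUsers_GPO, restricts its security filtering to that group, links it, and then audits the group for accounts whose profile path is missing or points somewhere other than the encrypted share. The OU OU=Staff,DC=corp,DC=local and the domain name are assumptions. The Folder Redirection settings themselves have no cmdlet and are still entered in the Group Policy editor as described above.

```powershell
# Added example (not from the original article): roaming profile path, GPO
# scoping and an audit of profile paths for the FoldRedirUsers group.
# Assumptions: ActiveDirectory and GroupPolicy modules installed, users in
# OU=Staff,DC=corp,DC=local, file server Server01.
Import-Module ActiveDirectory, GroupPolicy

$Group       = 'FoldRedirUsers'
$GpoName     = 'FoldRedirUsers_GPO'
$TargetOU    = 'OU=Staff,DC=corp,DC=local'      # assumption
$ProfileRoot = '\\Server01\UserFiles'
# PowerShell does not expand %username%; the client expands it at logon.
$ProfilePath = "$ProfileRoot\%username%\profile"

# 1. Roaming profile path for each user in the group (the Profile tab setting).
Get-ADGroupMember -Identity $Group -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object { Set-ADUser -Identity $_.DistinguishedName -ProfilePath $ProfilePath }

# 2. GPO whose security filtering is limited to the group.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Folder redirection to the encrypted disk'
}
# Replace the default "Authenticated Users: Apply" with the group only.
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel None -Replace | Out-Null
Set-GPPermission -Name $GpoName -TargetName $Group -TargetType Group `
    -PermissionLevel GpoApply | Out-Null
# Since MS16-072 the computer account must still be able to read the GPO.
Set-GPPermission -Name $GpoName -TargetName 'Domain Computers' -TargetType Group `
    -PermissionLevel GpoRead | Out-Null

# 3. Link the GPO to the OU that holds the users.
$linked = (Get-GPInheritance -Target $TargetOU).GpoLinks |
    Where-Object { $_.DisplayName -eq $GpoName }
if (-not $linked) {
    New-GPLink -Name $GpoName -Target $TargetOU -LinkEnabled Yes | Out-Null
}

# Audit: group members whose profile path is empty or points outside the share.
function Get-ProfilePathDrift {
    Get-ADGroupMember -Identity $Group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object { Get-ADUser -Identity $_.DistinguishedName -Properties ProfilePath } |
        Where-Object {
            -not $_.ProfilePath -or
            -not $_.ProfilePath.StartsWith($ProfileRoot, [StringComparison]::OrdinalIgnoreCase)
        } |
        Select-Object SamAccountName, ProfilePath
}

Get-ProfilePathDrift | Format-Table -AutoSize
```

Re-run Get-ProfilePathDrift periodically: an account added to FoldRedirUsers later, or one whose profile path was edited by hand, would otherwise keep its profile on an unencrypted local or server disk without anyone noticing.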
The basic configuration for roaming profiles is now complete. From now on, when a user logs on, the necessary directories and folders are created automatically and the "My Documents", "Desktop" and other folders are used on the server's protected encrypted disk.
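To confirm on a workstation that the redirection actually took effect for a logged-on user, the following added check (not from the original article) reads the shell folder locations from the user's registry hive and reports which of the four redirected folders point at the encrypted share and which still live on the local, unencrypted disk. It assumes the share root \\Server01\UserFiles configured in the policy above and runs in the user's own session.

```powershell
# Added example (not from the original article): verify in the user's session
# that "My Documents", "Desktop", "Application Data" and "Start Menu" resolve
# to the encrypted share. Assumption: share root \\Server01\UserFiles.
$ExpectedRoot = '\\Server01\UserFiles'
$KeyPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'

function Test-FolderRedirection {
    param([string]$Root = $ExpectedRoot)
    # Registry value name -> folder name as the article uses it.
    $folders = @{
        'Personal'   = 'My Documents'
        'Desktop'    = 'Desktop'
        'AppData'    = 'Application Data'
        'Start Menu' = 'Start Menu'
    }
    $values = Get-ItemProperty -Path $KeyPath
    foreach ($name in $folders.Keys) {
        # Expand any environment variable (e.g. %USERPROFILE%) still present in
        # the value, the same way the shell does before using the path.
        $path = [Environment]::ExpandEnvironmentVariables([string]$values.$name)
        [pscustomobject]@{
            Folder     = $folders[$name]
            Path       = $path
            Redirected = $path.StartsWith($Root, [StringComparison]::OrdinalIgnoreCase)
            Reachable  = ($path -ne '') -and (Test-Path -LiteralPath $path)
        }
    }
}

$report = Test-FolderRedirection
$report | Format-Table -AutoSize

# A folder that is not redirected still stores its contents on the local disk,
# outside the encrypted volume, so it deserves a warning.
$report | Where-Object { -not $_.Redirected } |
    ForEach-Object { Write-Warning "$($_.Folder) is not redirected: $($_.Path)" }
```

A folder that shows Redirected but not Reachable usually means the share or the encrypted disk is not mounted on Server01 at the moment; in that state Windows serves the last locally cached copy, which is another reason to keep the disk's key backup and the mount procedure documented.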