SafeGuard LAN Crypt Administration - How to assign a userkey to an additional user

  • Article ID: 108691
  • Updated: 28 Oct 2010

Issue
This article describes how to assign a userkey to an additional user. You might want to do this, for example, because a user has left the company and you must have access to the encrypted files.

Product
SafeGuard LAN Crypt Administration v.3.5x and above

Client OS

Windows 7, Windows Vista, Windows XP

Requirement in order to use another userkey:

- The users have a certificate
- The users have a profile
- The users have a userkey

Otherwise, they have to be created.

What to do

In the example given here, we are working with an SO User. Therefore, the SO has to be assigned extended rights. If you only plan to log in with an MSO (Master Security Officer) User, you do not need to configure any additional global permissions.

1. Extend the SO's rights

  1. Login under the MSO account.
  2. In the SafeGuard LAN Crypt Administration window, open the Central Settings | Security Officer Administration.
  3. From the Action menu select "Show Global Permissions..." and select the SO who should be assigned new extended rights.
  4. In the 'Permissions for <username>' panel, select "Allow" for all of the permissions that the user requires. Most importanlty, ensure "Use Specific Keys" is checked.
    This permission is important for "Available Key Types" in the steps below.


2. Create a new Group

This group is created specially so you can assign the required rights to at least two specified users. This allows them to use a key other than their own.
A new rule is created for one user and assigned to a second user.

  1. Select Keychange [Server] | Encryption Rules


  2. Create a new rule. In this example the user Willi Klein will use the userkey from the user Tanja Wau.
    • Select "Assign a key without path". This is important because we do not know where Tanja has saved her encryption data.
      Please note: If Tanja saves her data in her local profile, you have to ensure that Willi has NTFS rights to access Tanja's local profile.
    • Select "Show special keys" in order to display the specific user keys. This can only be selected if the SO has the required permission. (See Section 1 above.)
    • Select the userkey from Tanja Wau " $UK$WTWAU "


    • To complete the steps, build a new profile for Willi.

3. Test that the changes work

In order to test, complete the following steps:

  1. Create a new encryption rule for Tanja




  2. Build a new profile for Tanja and reload the encryption rules on the workstation.
    Tanja has created a new folder on her workstation "c:\tanja" and she has saved some files in this folder.
  3. Logout Tanja and login with Willi.

From this point on, Willi can access Tanja's files because he has the userkey from Tanja in his profile. To check that Willi has the userkey from Tanja, select the LANCrypt tray icon and select "Show profile" and look under the second tab "Available keys".



 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments