Centrally managed folders

The DriveLock Enterprise Service (DES) manages administrative information, such as user permissions, centrally. This means that this information can be managed from both DriveLock consoles.

As centrally managed folders will only use certificates for authentication, you will need to distribute certificates and create File Protection users first.

How to create centrally managed folders

• Starting with version 2024.1, it is possible to specify that an encrypted folder is to be centrally managed directly when creating it on the agent. Doing so has the following advantages: Any existing files may also be encrypted and the centrally managed folder can be located anywhere.

• In DriveLock On-Premise environments, you can also create centrally managed folders in the DMC under DriveLock File Protection-> Centrally Managed Folders, although with this method you cannot encrypt existing files and the directory must be located on a network share to which the DES (primary server) has access.

Managing access permissions

Administrators can delegate the permissions to perform these tasks to others. This enables designated individuals to administer permissions for their departments and also makes it possible to remove the permission to decrypt certain sensible files even from administrators.

To change the permissions, the following options are available:

• Via the agent on the encrypted folder

• In the DOC under Security Controls -> Encryption -> File Protection -> Centrally managed folders

• In the DriveLock Management Console (DMC) under DriveLock File Protection-> Centrally managed folders

In any of the above cases, users who are authorized as folder administrators can add or remove new users or change the permissions of existing users.

If a centrally managed folder in the DOC is deleted, the folder itself becomes an independent folder.