Reference Guide

Security Management Server v10.2.7 AdminHelp
Develop a plan for adding and removing users from a group if internal users join or leave the
enterprise.
As a best practice, stagger deployment of Access Groups to user groups.
Note: Access groups should be specific groups within the enterprise, not the entire enterprise.
Enterprise does not yet have Data Guardian
If you do not yet have Data Guardian installed, develop a plan for implementing access groups and
creating a smooth transition for users who have shared files.
Determine a transitional time range for deployment
Initially, enable Access Groups and Auto access for swept files for a transitional period. This should be a
brief time but long enough for user files to be swept. In the transitional period, allow enough time for the
following:
Determine or estimate the quantity of documents that users have. Allow enough time for Data
Guardian to sweep unprotected files. A sweep occurs with the following:
If you enable Force-Protected mode (Office documents and PDFs) or Basic File
Protection (additional file types), all those unprotected files are swept.
Opt-in mode - A sweep only occurs for Content Based Protection (Windows only),
TITUS Classification (Windows only), or Basic File Protection (additional file types).
Users must log in to their computers while Access Groups and Auto access for swept files are
enabled. Be sure to allow for users who are out of the office or on vacation.
Instruct users to process shared files
Inform internal users who will be in their access group and allow them to process shared files to ensure
a smooth transition. Inform them that this effort will minimize their having to request access to shared
files later.
After Access Groups is enabled, a sweep occurs for Windows and Mac files. See
Disable_Auto_access_for_swept_files. If files are shared by multiple users, the first computer to
be swept gives ownership of any shared files to the owner of that computer, not the original
author.
All internal users within the same access group will have access to the file.
If the original author of the file is not in the access group with the user whose computer
was first swept, the author must request access or request that the administrator
change ownership of the file.
External users' unprotected shared files are not swept.
If Auto access will be temporarily enabled, instruct users that any internal user outside their
access group who has a copy of the file has permanent access to the key. In some cases, the
key cannot be revoked later. See Disable_Auto_access_for_swept_files.
Note: After Auto access is disabled, for those outside an access group, the internal user can
grant access or users outside the access group can request access if they receive an encrypted
file. You can revoke the key access in the Management Console if needed.
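The sweep rules above can be modeled before deployment to find shared files whose original author will sit outside the owning access group, or whose key will be held outside that group while Auto access is enabled. This Python planning model is an added example, not part of the product or its AdminHelp; plan_sweep, SharedFile, and all user, group, and file names are hypothetical, and it assumes you can estimate the order in which computers are swept.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SharedFile:
    name: str
    author: str
    holders: tuple  # internal users whose computers hold an unprotected copy

def plan_sweep(files, sweep_order, groups, auto_access=True):
    """Model the sweep outcome for each shared file.

    sweep_order: users in the order their computers are expected to be swept;
                 users absent from it never log in during the transitional period.
    groups:      access group name -> set of member users.
    """
    group_of = {u: g for g, members in groups.items() for u in members}
    rank = {u: i for i, u in enumerate(sweep_order)}
    report = {}
    for f in files:
        swept = [h for h in f.holders if h in rank]
        if not swept:
            report[f.name] = None  # never swept: file stays unprotected
            continue
        # The first computer swept gives ownership to that computer's owner.
        owner = min(swept, key=rank.__getitem__)
        members = set(groups.get(group_of.get(owner), ())) | {owner}
        # With Auto access on, internal holders outside the group keep key access.
        outside = {h for h in f.holders if h not in members} if auto_access else set()
        report[f.name] = {
            "owner": owner,
            "group_access": members,
            "author_outside_group": f.author not in members,
            "keys_outside_group": outside,
        }
    return report

# Constructed sample data.
GROUPS = {"finance": {"alice", "bob"}, "engineering": {"carol", "dave"}}
FILES = [
    SharedFile("budget.xlsx", author="carol", holders=("carol", "alice")),
    SharedFile("spec.docx", author="dave", holders=("dave", "carol")),
    SharedFile("notes.pdf", author="erin", holders=("erin",)),
]
SWEEP_ORDER = ["alice", "bob", "carol"]  # dave and erin are out of the office

if __name__ == "__main__":
    for name, outcome in plan_sweep(FILES, SWEEP_ORDER, GROUPS).items():
        print(name, outcome)
```

Files reported with author_outside_group set are the ones where the author must request access or ask the administrator to change ownership; entries in keys_outside_group are the key holders to review after Auto access is disabled.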
Enterprise has Data Guardian Installed