FAQ

   


FAQs by Category 

Installation Guide



 
 
FAQ No.:00181 
Category:Advanced Settings 

 
Question:How to enable Local Encrypted Drive?
 
Answer:By default, Local Protected Directory is not encrypted when it is created after installation of Curtain Client. Administrators can enable the function of Local Encrypted Drive to encrypt Local Protected Directory in order to enhance the security. Once Local Encrypted Drive is applied to a workstation, it cannot be rolled-back to non-encrypted local protected directory.

Actually Local Encrypted Drive is a virtual drive. The drive is stored as an encrypted file when the client computer is power off. When the computer startup, the encrypted file will be mounted as a virtual drive. Users can access data stored in the virtual drive normally. Since all the data in the virtual drive is stored as an encrypted file when computer is off, the data is well protected even the computer is lost or stolen. The size of the Local Encrypted Drive will be equal to the size of the encrypted file. Therefore, please make sure that the location for storing the encrypted file has enough free space for the encrypted file. That is the mechanism of Local Encrypted Drive.

Steps to enable Local Encrypted Drive (in Curtain Admin):
1. In Curtain Admin, select "File > Settings".

2. In Local Encrypted Drive tab, check "Enable Local Encrypted Drive" as below.
Currently Curtain e-locker supports three well-known encryption tools for encrypting the local protected directory, namely VeraCrypt, BitLocker and TrueCrypt. You can select one of them.



3. Click OK to confirm (Once you click OK to confirm, you cannot disable Local Encrypted Drive).

4. After Local Encrypted Drive is enabled, "Local Encrypted Drive Settings" will display in file menu. Also, "Client - Protected Area" view will be shown in left panel.

"Local Encrypted Drive Settings" in file menu


"Client - Protected Area" view in left panel


"Client - Protected Area" includes two types of clients.
Local Protected Directory - list out all Curtain Clients which are using default local protected directory. It means data in local protected directory is NOT encrypted.
Local Encrypted Drive - list out all Curtain Clients which are using local encrypted drive. It means local protected data is stored in an encrypted drive.

After enabling Local Encrypted Drive, administrators can search clients and create the encrypted drive for them. Please refer to steps below.


Steps to search clients and create default Local Encrypted Drive for them (in Curtain Admin):
1. In Curtain Admin, select "File > Local Encrypted Drive Settings".

Then, Local Encrypted Drive Settings dialog box will be shown as below. Administrators can search clients by specific criteria and apply suitable settings to those clients for creating Local Encrypted Drive. For example, you can find out clients which have more than 10GB free space in local drive and then create Local Encrypted Drive with 1GB size for those clients.



The following is detailed description of each search criteria:
  • Protected Type: Local Protected Directory or Local Encrypted Drive
  • Client Name: Computer name of the client (support fuzzy search)
  • Operating System: Enter the operating system keywords, such as Vista
  • Local Drive: Search for clients which have specific local drive letter
  • Local Drive Total Space: Search for clients which have specified range of total disk space of local drive
  • Local Drive Free Space: Search for clients which have specified range of free disk space of local drive
  • Local Encrypted Drive Total Space: Search for clients which have specified range of total disk space of local encrypted drive
  • Local Encrypted Drive Free Space: Search for clients which have specified range of free disk space of local encrypted drive
  • Local Encrypted Drive Status: Status of local encrypted drive, including: 
    • "All": all status
    • "Have not got settings": clients have not received the settings about creating local encrypted drive from Curtain Admin
    • "Have got settings": clients have received the settings about creating local encrypted drive from Curtain Admin
    • "Create failed": clients failed to create local encrypted drive
    • "Create success": clients created local encrypted drive successfully
    • "Mount failed": clients failed to mount local encrypted drive
    • "Mounted success": clients mounted local encrypted drive successfully
    • "To be delete": administrator has submitted request to delete local encrypted drive (only for extend encrypted drive)
    • "Delete failed": clients failed to delete local encrypted drive (only for extend encrypted drive)
    • "Delete success": clients deleted local encrypted drive successfully (only for extend encrypted drive)

2. Click "Encryption Password..." to set password for encryption.
Before you can configure encrypted drive for clients, you must set a password for the encryption.



3. Enter password and click OK to confirm.
After click "OK", the system will ask you to back up the password file. Please keep the password file carefully.

Now, you can find out clients and apply suitable settings to those clients for creating Local Encrypted Drive (described above). For example, you can select Local Protected Directory to search for clients that have not adopted local encrypted drive. Or, you can select Local Encrypted Drive to search for clients that have created local encrypted drive.

4. Select "Local Protected Directory" and click Search button.
The system will list out all clients which have not adopted Local Encrypted Drive (still using default Local Protected Directory).



5. Select clients and click "Create Default Encrypted Drive..." (use Ctrl button for multiple selection)
The system will alert you to backup data stored in Local Protected Directory before upgrading to Local Encrypted Drive.



6. Click Yes to proceed, when you have already backup your data in local protected directory.
Then, "Create Default Encrypted Drive" dialog box will prompt as below. You can define suitable settings for creating Local Encrypted Drive for the selected clients.



Settings in "Create Default Encrypted Drive" dialog box:
  • Size of Default Encrypted Drive (GB): size of the local encrypted drive you want to create
  • Default mapping drive letter (A-Z): default drive letter for mapping the local encrypted drive
  • The default drive letter of the file storage location: default drive location for storing the encrypted file of Local Encrypted Drive. Please make sure that the local drive has enough free space for storing the encrypted file.
  • Mapped drive letter is occupied when processing: specify the way how to proceed if the Default mapping drive letter is occupied on the client computer
    • Automatically select a free drive letter: the system will automatically mount the local encrypted drive by using a free drive letter
    • Stop processing and report errors: the system will stop to proceed and report error to Curtain Admin
  • Disk space is not enough when processing: specify the way how to proceed if the Default Drive for storing the encrypted file has not enough disk space
    • Automatically matches a drive that not less than 1GB: the system will automatically create a 1GB local encrypted drive (instead of the Size specified)
    • Stop processing and report errors: the system will stop to proceed and report error to Curtain Admin

7. Click "OK" to confirm after finishing the settings.

Next time when the Curtain Client opens, the system will prompt the user to create the Local Encrypted Drive.

It is just an example for reference:
  • Size of Default Encrypted Drive (GB): 10
  • Default mapping drive letter (A-Z): F:
  • The default drive letter of the file storage location: C:
  • Mapped drive letter is occupied when processing: Automatically select a free drive letter
  • Disk space is not enough when processing: Automatically matches a drive that not less than 1GB
This example means to create a 10GB size Local Encrypted Drive and mount with F: drive letter. When client computer is off, the encrypted file is stored in C: drive. If C: drive in client computer has no 10GB free space, the system will automatically create a 1GB local encrypted drive. If F: drive letter is occupied, the system will use another available drive letter.

8. Double click a client in "Local Encrypted Drive settings" dialog box, to view detailed information.

This picture shows that Local Encrypted Drive has been created successfully for the client.



Steps to finish the creation of Local Encrypted Drive in Curtain Client:
1. Next time when the selected clients open Curtain Client, the system will prompt the users to create Local Encrypted Drive.



2. Click Yes to create Local Encrypted Drive, or click No to create the drive later.

After clicking Yes, the Local Encrypted Drive will be created in client after rebooting the computer. Please remember to backup data in local protected directory if needed.

3. Open Curtain Client after rebooting the computer. Then, the system will prompt the user as below.



4 .Click OK to proceed. Then, the system will create the Local Encrypted Drive immediately.




5. Done. Here is the interface of Curtain Client after creating Local Encrypted Drive.



In Curtain Client, "Local Encrypted Drive" is shown under My Computer.

The first Local Encrypted Drive created must be Default local encrypted drive. Administrators can create Extend Local Encrypted Drive for clients as additional encrypted drive. Under local encrypted drive, you can see there are two folders, namely Personal and Public. The Personal folder is for the current login user only, while the Public folder can be used by other users. So, you can use Personal folder for storing your private documents and use Public folder for sharing documents in the client.

If you have Additional Protected Directory before upgrading to Local Encrypted Drive, the additional protected directory will be still there. Local Encrypted Drive is not applicable to additional protected directory.

In the example stated above, Drive F: is the Default local encrypted drive, while Drive G: is the Extend local encrypted drive. Users can only access files in Protected Zone (including local encrypted drive) under Curtain e-locker environment, such as Curtain Client or protected application (e.g. Word application having Curtain icon at top right corner). If users try to access local encrypted drive directly in Windows Explorer, it is prohibited.



Steps to handle clients which failed to create/mount Local Encrypted Drive (in Curtain Admin):
Some clients may fail to create/mount the Local Encrypted Drive, due to many reasons, such as insufficient disk space for storing the encrypted file, or assigned drive letter is occupied. Then, administrators can find out all these clients and fine-tune the settings for creating local encrypted drive again.

1. In Curtain Admin, select "File > Local Encrypted Drive Settings".



2. Select "Local Encrypted Drive" for Protected Type.

3. Select "Mount failed" or "Create failed" for Local Encrypted Drive Status.

4. Click Search to find out all clients which failed to mount/create Local Encrypted Drive.

5. Double-click a client to open Client Details dialog box.

6. Click the button as picture below, to change settings of Local Encrypted Drive.



7. Click "OK" to confirm after finishing the settings.

Next time when the Curtain Client opens, the system will prompt the user to create the Local Encrypted Drive again.


Steps to search clients and create Extend Local Encrypted Drive for them (in Curtain Admin):
Administrators may need to create Extend Local Encrypted Drive, due to many reasons, such as default local encrypted drive is almost full. Then, administrators can create extend local encrypted drive for those clients.

1. In Curtain Admin, select "File > Local Encrypted Drive Settings".

Then, Local Encrypted Drive Settings dialog box will be shown as below. Administrators can search clients by specific criteria and apply suitable settings to those clients for creating Extend Local Encrypted Drive. For example, you can find out clients which have less than 500MB free space in Local Encrypted Drive.

2. Enter criteria and click Search button.

3. Select clients and click "Create Extend Encrypted Drive..." (use Ctrl button for multiple selection)

The steps of creating extend local encrypted drive is quite similar to the steps of creating default local encrypted drive. You may refer to the procedures of creating default local encrypted drive.




Steps to review audit log for Local Encrypted Drive (in Curtain Admin):
All the activities of Local Encrypted Drive (e.g. create/mount default local encrypted drive, remove extend local encrypted drive, and etc) will be logged for audit trail purpose.

1. In Curtain Admin, select "File > Audit Trail".

2. Enter criteria and click Search.

Here is an example.