72 ZENworks Endpoint Security Management Administration Guidenovdocx (en) 17 September 2009Users assigned policies created by different Management Consoles cannot access each other’s fixeddisk encrypted files unless you share (export and import) encryption keys between consoles. Thesame is true of files on an encrypted removable storage device, with the exception of files located inthe Password Encrypted Files (shared) folder. For files located in the shared folder, the user mustprovide the access password.If an endpoint device does not have the Security client installed, users of the device can accessshared folder files from an encrypted removable device if 1) they have the ZENworks FileDecryption Utility and 2) they know the file access password. For information about the FileDecryption Utility, see Section 9.1, “Using the ZENworks File Decryption Utility,” on page 203.5.8 Managing KeysKey management permits you to back up, import, and update an encryption key. We recommend thefollowing key management practices: Export and save your encryption keys. This ensures that, in the case of a systems failure or aninadvertent policy change, data can be decrypted. Each Management Console has its ownencryption key. If you have multiple Management Consoles, you need to export the encryptionkey from each console. If you believe that an encryption key is compromised, update to a new key. Generating a newkey results in a temporary performance decrease on endpoint devices while the Security clientreencrypts data. If you have used multiple Management Consoles to create Data Encryption policies, youshould export the key from each Management Console and import it into the other consoles sothat all Management Consoles have all keys. This allows the Management Console to includeall keys in each Data Encryption policy. The result is that all Security client users, regardless oftheir Data Encryption policy, can access encrypted policies created by other Security clientusers in your environment.Encryption Key controls are accessed through the Tools menu of the ZENworks Endpoint SecurityManagement Console.