Magyc® Folder
  • 19 Oct 2020
  • 7 Minutes To Read
  • Print
  • Share
  • Dark
    Light

Magyc® Folder

  • Print
  • Share
  • Dark
    Light

MagicFolder has been renamed Magyc Folder.

SecureCircle's MagicFolder feature is designed to automatically protect files by assigning a Circle to them whenever they are created in, moved to, or edited and saved to either the primary directory or sub-directories. This feature is commonly used to protect entire drives, SMB shares, or more targeted workflows, such as financial report data that is output daily from a database, or to on-board customer data via a file server or cloud storage location.

MagycFolder can be useful for archives and network storage of files allowing multiple people to access and edit the files while ensuring they remain protected. It is also useful for business cases where you need to protect files received by a customer. Designate a directory as a Magic Folder, and all files that arrive through a file sharing method can be saved directly to it and protected without any human intervention.

Note

File(s) that are manually removed from the Circle (using "Remove from Circle" option) will get automatically re-added to the Circle if a process modifies the file within the Magic Folder directory.

Creating a Basic Magyc Folder

  1. Create or choose a folder.
  2. Right-click the folder and choose Add to Circle. Select your Circle from the list that appears next to it.
  • If you see Circle names but they are all grayed out, you currently do not have access to these Circles. Consult your SecureCircle administrator to confirm your device and/or gain access to the desired Circle.
  1. Confirm the folder is now a MagicFolder by checking for an icon overlay of a shield, or by right-clicking the file and navigating to Properties. There you will see a SecureCircle tab with details on the Circle

Creating a Network Shared Magyc Folder

For this option, you will need to have the SecureCircle agent installed on both the source machine the folder is located on, and any machine that needs to access that data.

  1. While logged into the source machine (file server, SharePoint server, wherever the data is actually stored), create or choose a folder.
  2. Right-click the folder and choose Add to Circle. Select your Circle from the list that appears next to it.
  • If you see Circle names but they are all grayed out, you currently do not have access to these Circles. Consult your SecureCircle administrator to confirm your device and/or gain access to the desired Circle.
  1. For any other system that you wish to access the data from, or transfer data to the server from, simply act as if nothing has changed. Files that end up in the MagicFolder on the server side will become protected with the Circle it is in.
  • Keep in mind if you do not have SecureCircle, these files will be protected and unable to access.

Creating a one-way Shared Magyc Folder

This method may not be typical. For the use case where you want multiple teams with multiple Circles to store data in the same location, but ensure not all SecureCircle users have access to every file, you can create a network mapped location that will protect files with your chosen Circle. This would allow users who have access to multiple Circles to access data they are authorized to, while still allowing files to be stored in a central location and shared amongst teams. If this is your primary use case, it is advised you consider using Active Directory to manage permissions instead.

  1. Map a network drive, or add a network location to your computer.
  2. From “This PC” where you have drives and network locations listed, you can right-click and select Add to Circle on any network location, folder, or drive (with the exception of your operating system drive). Select your Circle from the list that appears next to it.
  • If you see Circle names but they are all grayed out, you currently do not have access to these Circles. Consult your SecureCircle administrator to confirm your device and/or gain access to the desired Circle.
  1. Dragging and dropping files, opening this location and creating or saving files, or editing files you have access to in this location will automatically become encrypted with your chosen Circle.
  • If this location is a file server or a network storage device not on your system, other people who drag and drop, create and save, or edit files in this directory will not become protected unless they have SecureCircle installed and have created the same MagicFolder locally on their system.
  • Users who have access directly to the file server or network storage device will not be able to access, protect, or unprotect files unless SecureCircle is installed there, and they are in the proper Circles with the right permissions.

Adding Magyc Foldeers to a Domain Device using GPO

When using our Active Directory integration and distributing agents to users over the network, you can also configure your GPO server to push updates to clients telling them which folders to protect. For example; Every employee has a special “Company IP” folder in My Documents. You can tell their clients to protect that folder with any Circle you choose.

The steps to set this up can be located through the following link; [link to group policy: install and configure]

Magyc Folders: Subfolders and Shortcuts

A MagicFolder applies to all subfolders, but symbolic links (shortcuts) do not apply. For example:

When the folder ‘Demo Files’ is added to a Circle, the subfolder ‘embedded’ also becomes part of the MagicFolder assigned to the same Circle.

folder.png

folder2.png

The ‘shortcut_folder’ does not become part of the MagicFolder because it is a symbolic link to another location. In this example

C:\Users\secur\Desktop\Demo\Demo Files is the parent MagicFolder.
C:\Users\secur\Desktop\Demo\Demo Files\embedded is the sub-folder which becomes part of the MagicFolder

C:\Users\secur\Deskopt\Demo\Demo Files\shortcut_folder is a symbolic link to C:\Users\secur\Downloads\Test. This is not part of the MagicFolder.

Designate Magyc Folder using command line

The following illustrates how the fhtools Command Line Utility can be used to create scripts that enforce the protection of data written into particular folders on a filesystem. Such scripts are typically deployed via software distribution/management software. For Windows devices in an Active Directory environment, Group Policy can be used to run similar scripts as well (see Install and Configure SecureCircle via Group Policy).

  1. Obtain the Circle ID of the Circle that files added to the folder should be added to by navigating to the Circles menu and selecting the desired Circle. The selected Circle’s ID appears in the Description section at the bottom.
  2. Run the following command.
fhtools --attach --input=<quoted path to folder> --circle=<circle ID from step #1> --url=<FQDN of SecureCircle server>

Example:

fhtools --attach --input=/Users/jjones/Desktop --circle=d758f7e0-437b-48ab-98f7-e0437b78ab4c --url=demo.securecircle.com

The above example designates the user’s desktop as an ingestion point for data into the “IT” Circle. New data copied/written into the folder will be protected in the “IT” Circle.

Script to Designate All User’s Desktops as Protected Folders

MacOS

circleid=<circle ID>
fqdn=<FQDN of SecureCircle server>
for userdir in /Users/*
do
  if [ -d "${userdir}" ] && [ -d "${userdir}"/Desktop ]
  then
    userdesktopdir="${userdir}"/Desktop; fhtools --attach --input="${userdesktopdir}" --circle=”${circleid}” --url=”${fqdn}”
  fi
done

Example

circleid=d758f7e0-437b-48ab-98f7-e0437b78ab4c
fqdn=demo.securecircle.com
for userdir in /Users/*
do
  if [ -d "${userdir}" ] && [ -d "${userdir}"/Desktop ]
  then
    fhtools --attach --input="${userdir}"/Desktop" --circle=”${circleid}” --url=”${fqdn}”
  fi
done

Windows

SET circleid=<circle ID>
SET fqdn=<FQDN of SecureCircle server>
for /d %g in (C:\Users\*) do (
  if exist %g\Desktop\* (
     fhtools --attach --input %g\Desktop --circle %circleid% --url %fqdn%
  )
)

Example

SET circleid=d758f7e0-437b-48ab-98f7-e0437b78ab4c
SET fqdn=demo.securecircle.com
for /d %g in (C:\Users\*) do (
  if exist %g\Desktop\* (
     fhtools --attach --input %g\Desktop --circle %circleid% --url %fqdn%
  )
)

Magyc Folder Protecting Data in the Cloud (Google, OneDrive, etc.)

SecureCircle MagicFolder feature may be used in conjunction with most popular cloud storage solutions such as Google Drive/File Stream or OneDrive in order to automatically protect data.

In this example, Google Drive File Stream has been configured on a target system

  1. The SecureCircle Server Administrator should ensure that “googledrive..” related Applications have been disabled.

google.png

  1. Setting the MagicFolder as an end-user (or an Administrator configuring an end-users device) requires no special workarounds or actions, simply target any Google Drive location (as you would any other location on the computer) and set it as a MagicFolder.
  • The GIF below demonstrates how an end-user would create a MagicFolder on Google Drive File Stream. NOTE: While this example targets a specific folder, administrators and users should keep in mind that the root of the folder may be set as well.

google2.gif

  • Right-click a new or existing target directory and select “Add to Circle” > Select your circle
  • MagicFolder is now configured. Any files placed into the location will be automatically protected.
Was This Article Helpful?