HOW TO: Use Domain Administrator restart bypass

Article: HOWTO42006  |  Created: 2008-01-16  |  Updated: 2011-02-06  |  Article URL: http://www.symantec.com/docs/HOWTO42006
Article Type
How To




Domain administrator restart bypass

Beginning with version 9.7 of PGP Desktop, administrators can use the Domain administrator restart bypass feature. Windows System and Administrator account(s) can engage a mode that bypasses WDE authentication on the next restart, using the privileges of the administration account to act as the authenticated user.
This feature lets administrators perform remote or local software installations that require a restart of the target computer without the user having to enter their passphrase.

Use of this feature is logged to the PGP Universal Server. Bypass events are displayed in the Client log of the PGP Universal Server.



To add a Domain Administrator restart bypass, use the following steps:

  1. On a domain controller, open the Active Directory Users and Computers console. (Start>All Programs>Administrative Tools>Active Directory Users and Computers)
  2. Create a new Global Security Group with the name WDE-ADMIN.
  3. Add the desired domain user account(s) to the WDE-ADMIN group.
  4. On the client system, log in with the user account added to the WDE-ADMIN group.
  5. Click Start>Run, type cmd in the text field and click OK. The Windows command prompt screen appears.
  6. Switch to the following directory: C:\Program Files\PGP Corporation\PGP Desktop
  7. At the command prompt, type pgpwde --add-bypass --admin-authorization --disk 0 and press Enter.
A message confirms that the bypass has been successfully completed. You can also verify the bypass user by typing the following at the command prompt:

pgpwde --check-bypass
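
The procedure above as a PowerShell script, added here as an example and not taken from the Symantec article. It creates and populates the group (steps 2-3), lists the resulting membership so the accounts able to use the bypass can be reviewed, and on the client confirms group membership before running the two pgpwde commands from the article. The function names are hypothetical, the ActiveDirectory module (RSAT) is assumed for steps 2-3, and the group is assumed to live in the logged-on user's domain.

```powershell
# Added example, not Symantec's code. Group name, path and pgpwde options are the article's.
$GroupName = 'WDE-ADMIN'                                      # step 2
$PgpDir    = 'C:\Program Files\PGP Corporation\PGP Desktop'   # step 6

function New-WdeAdminGroup {
    # Steps 2-3: run where the ActiveDirectory module is available (assumption).
    param([Parameter(Mandatory = $true)][string[]]$Members)   # sAMAccountNames to add
    Import-Module ActiveDirectory -ErrorAction Stop
    if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
        New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security
    }
    # Add only accounts that are not already direct members.
    $current = @(Get-ADGroupMember -Identity $GroupName |
                 Select-Object -ExpandProperty SamAccountName)
    $toAdd = @($Members | Where-Object { $current -notcontains $_ })
    if ($toAdd.Count -gt 0) {
        Add-ADGroupMember -Identity $GroupName -Members $toAdd
    }
    # Return effective membership, nested groups included, for review.
    Get-ADGroupMember -Identity $GroupName -Recursive |
        Select-Object SamAccountName, objectClass, distinguishedName
}

function Add-WdeRestartBypass {
    # Steps 4-7: run on the client while logged in as a WDE-ADMIN member.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    # Assumption: the group is in the same domain as the logged-on user.
    if (-not $principal.IsInRole("$env:USERDOMAIN\$GroupName")) {
        throw "$($identity.Name) is not a member of $GroupName; log off and on after being added."
    }
    $exe = Join-Path $PgpDir 'pgpwde.exe'
    if (-not (Test-Path $exe)) {
        throw "pgpwde.exe not found in $PgpDir"
    }
    # Step 7, then the verification command. Output is shown as-is because the
    # article does not document its format.
    & $exe --add-bypass --admin-authorization --disk 0
    & $exe --check-bypass
}

# Usage (account names are constructed samples):
#   New-WdeAdminGroup -Members 'jsmith', 'deploy-svc'    # domain side
#   Add-WdeRestartBypass                                 # client side
```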


Legacy ID: 880

