HOW TO: Manage PGP RDD Policy

Article:HOWTO49685  |  Created: 2011-04-13  |  Updated: 2011-04-13  |  Article URL http://www.symantec.com/docs/HOWTO49685
Article Type
How To



You enable PGP RDD through consumer policy, but you set PGP RDD policy per consumer group. If multiple consumer groups all receive the same PGP RDD-enabled consumer policy, they are all protected, but each consumer group can receive different PGP RDD policy settings.

 
Best Practices: If there are multiple users for a single computer, it is important that all users belong to the same consumer group and receive the same policy. Having different PGP Remote Disable & Destroy policies applied to the same computer can cause problems, particularly if not all the users have PGP RDD enabled as part of policy. If each user's PGP RDD policy is different, the PGP RDD policy with the shortest rendezvous timer value applies.
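The best practice above can be checked against an inventory of which users log on to which computer. The following is an added example, not part of the original article or of PGP Universal Server: the data layout, field names, group names and timer values are constructed assumptions. It flags computers whose users fall in different consumer groups, lists users whose policy does not enable PGP RDD, and applies the article's rule that the policy with the shortest rendezvous timer value applies.

```python
from collections import defaultdict

# Constructed sample data; field names and timer units are assumptions for this example.
POLICIES = {
    "Sales":       {"rdd_enabled": True,  "rendezvous_timer": 72},
    "Engineering": {"rdd_enabled": True,  "rendezvous_timer": 24},
    "Contractors": {"rdd_enabled": False, "rendezvous_timer": None},
}
ASSIGNMENTS = [  # (computer, user, consumer group)
    ("LAPTOP-01", "alice", "Sales"),
    ("LAPTOP-01", "bob", "Engineering"),
    ("LAPTOP-02", "carol", "Sales"),
    ("LAPTOP-02", "dave", "Sales"),
    ("LAPTOP-03", "erin", "Engineering"),
    ("LAPTOP-03", "frank", "Contractors"),
]


def audit(assignments, policies):
    """Return {computer: finding} for computers that break the best practice."""
    groups_by_computer = defaultdict(set)
    for computer, _user, group in assignments:
        if group not in policies:
            raise KeyError(f"no policy defined for consumer group {group!r}")
        groups_by_computer[computer].add(group)

    findings = {}
    for computer, groups in sorted(groups_by_computer.items()):
        if len(groups) == 1:
            continue  # all users share one consumer group: nothing to report
        enabled = {g for g in groups if policies[g]["rdd_enabled"]}
        # Rule from the article: the policy with the shortest rendezvous timer applies.
        shortest = min((policies[g]["rendezvous_timer"] for g in enabled), default=None)
        findings[computer] = {
            "groups": sorted(groups),
            "users_without_rdd": sorted(
                u for c, u, g in assignments
                if c == computer and not policies[g]["rdd_enabled"]),
            "effective_groups": sorted(
                g for g in enabled if policies[g]["rendezvous_timer"] == shortest),
        }
    return findings


if __name__ == "__main__":
    for computer, finding in audit(ASSIGNMENTS, POLICIES).items():
        print(computer, finding)
```

More than one entry in effective_groups means two policies tie on the rendezvous timer, a case the article does not address.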

 

To set PGP RDD policy
1.     Log in to the PGP Universal Server Admin interface.
2.     Click Services > PGP RDD. The PGP Remote Disable & Destroy page is displayed.
3.     Select Manage PGP RDD with Intel Anti-Theft Technology.
4.     At the top of the screen, click Configuration and then select Policies.
5.     From the drop-down list, select the Consumer Group for which you want to configure policy settings.
6.     After making any changes to the policy, click Save.
 
The following policy settings are available: 
  • Platform Stolen. Sets what happens when you mark a computer stolen.
  • Platform Disable Timer. Sets what happens when the Disable Timer expires.
  • Enable PBA Recovery. Enables stolen laptops to be unlocked using only the Whole Disk Recovery Token at BootGuard, without requiring a hardware recovery passphrase or Server Recovery Token. This function is not available for all Intel Anti-Theft-enabled computers. It works with a pre-boot authentication recovery feature specific to only some computers.
  • Rendezvous Timer. Specifies how often the Intel Anti-Theft-activated computer must contact PGP Universal Server. You cannot disable the rendezvous timer because the computer must be able to contact PGP Universal Server for PGP RDD policy updates.
  • Unlock Timer and PBA Logon Timer. Control how long the user has to perform the recovery process.
  • Grace Timer. Provides time for the computer to complete rendezvous after it comes out of standby mode or sleep mode ends.
  • Disable Timer. Specifies how much time there is between a missed or failed rendezvous and when the computer is locked. After a missed or failed rendezvous, the Disable Timer begins counting down. If the Disable Timer expires before a successful rendezvous occurs, the Platform Disable Timer policy applies.

