PGP Desktop Feature Control
|Article:TECH149072|||||Created: 2007-10-29|||||Updated: 2012-02-01|||||Article URL http://www.symantec.com/docs/TECH149072|
This article describes the ability of PGP Universal Server to manage deployments of the PGP Desktop.
The PGP Universal Server acts as a deployment manager for your PGP Desktop deployments. You create PGP Desktop client installers with the features and settings that support your organization's security requirements, then distribute those client installers to your end users. They install the PGP Desktop client on their systems with the features and settings you have established.
This feature is available in managed clients of PGP Desktop 9.7 and above.
PGP Desktop Feature Control
You can control what your users can do with PGP Desktop by controlling not just the settings for a feature but the feature itself. PGP Desktop features are controlled by creating a new PGP Desktop policy or editing an existing policy on the PGP Universal Server.
If your organization has licenses for all employees that support PGP Shredder, for example, but you have a subset of employees that do not need this feature, you can create a client installer just for this subset of users that does not contain the PGP Shredder feature. Feature control is available for all major features of PGP Desktop. Features that are disabled do not appear in the PGP Desktop user interface.
PGP Desktop settings can be established for the default internal user policy as well as any custom internal user policy you create. Each of these can have different sets of PGP Desktop settings.
Enable/Disable PGP Desktop settings
- Open the PGP Universal Server administrative interface.
- Select the Policy tab and click the Internal User Policy tab.
- Click on the Internal User Policy you wish to edit. The Policy Options dialogue is displayed
Note: Unless additional policies have been created, users are created in the default policy of Internal Users:Default
- Click on the Edit button for PGP Desktop Settings. The appropriate PGP Desktop Options card titled with the policy name is displayed.
- After selecting the desired options, Click Save twice to enable the updated policy options.
The PGP Desktop settings are distributed over five tabs:
- Messaging & Keys
- File & Disk
The following list describes some of the available options for each tab.
- Allow users to change options: When selected, lets your PGP Desktop users change the settings that you, their administrator, have established. Deselect this option to prevent them from changing these settings. Users will not be able to skip or cancel any part of the customized PGP Desktop installation.
- Allow users to override mail policy: When selected, lets your PGP Desktop users take actions that override the mail policy of the PGP Universal Server. This setting allows users to create messaging policies that could make their messaging less secure. Deselect to prevent users from overriding mail policy.
- Allow user-initiated key generation: When selected, lets your PGP Desktop users create new keys and subkeysin addition to the key created during installation. Deselect to prevent them from creating new keys after installation and from making certain changes to their keypairs, such as adding and removing ADKs, appointing and removing third-party key revokers, or creating and using subkeys.
- Show PGP Desktop in system tray/menu: When selected, the PGP Desktop padlock icon appears in the system tray of Windows users or the system menu of Mac OS X users when PGP Desktop is active on their systems. The icon provides access to some PGP Desktop features without requiring users to launch the whole application. Deselect to hide the icon.
- PGP Desktop 9.5 +: Allows PGP Universal Server administrators to enter licenses for PGP Desktop 9.5 and above clients by selecting the Enter License... button.
- PGP Desktop 9.0: Allows PGP Universal Server administrators to enter licenses for PGP Desktop 9.0 clients by selecting the Enter License... button.
Messaging & Keys
- Email Messaging: Deselect to disable the Email Messaging feature; it will not appear in the PGP Desktop user interface and it will not be available to your users.
- Enable Out Of Mail Stream support (OOMS): When selected, lets your PGP Desktop users send emails per policy in support of Web Messenger or Smart Trailers when the PGP Universal server is out of the mailstream. When deselected, your PGP Desktop users will not be able to send these messages if the PGP Universal Server is out of the mailstream.
- Instant Messaging: Deselect to disable the Instant Messaging feature; it will not appear in the user interface and it will not be available to your users.
File & Disk
- PGP NetShare: Deselect to disable the PGP NetShare feature; it will not appear in the PGP Desktop user interface and it will not be available to your users.
- PGP Zip: Deselect to disable the PGP Zip feature; it will not appear in the PGP Desktop user interface and it will not be available to your users.
- PGP Virtual Disk: Deselect to disable the PGP Virtual Disk feature; it will not appear in the PGP Desktop user interface and it will not be available to your users.
- PGP Shredder: Deselect to disable the PGP Shredder feature; it will not appear in the user interface and it will not be available to your users.
- PGP Whole Disk Encryption: Deselect to disable the PGP Whole Disk feature; it will not appear in the user interface and it will not be available to your users.
- WDE BootGuard Customization: Allows administrators to add additional text and display custom background images to the WDE BootGuard login screen.
Article URL http://www.symantec.com/docs/TECH149072