Deploying System Images with PGP Desktop (unsupported configuration)
Article: TECH149261 | Created: 2009-01-22 | Updated: 2013-02-26 | Article URL: http://www.symantec.com/docs/TECH149261
It is very easy to deploy an image incorrectly when PGP Whole Disk Encryption is included on the image, and very difficult to fix the problems that can arise as a result.
This article details the specific guidelines and requirements that should be followed when deploying PGP Desktop to a large number of systems.
Due to the serious nature of the issues that arise from including PGP Desktop in an image, this practice is not supported.
If PGP has been included in a corporate image that has been rolled out, the MACHINEGUID value that sets the encrypted Device ID could be duplicated, rendering Whole Disk Recovery Tokens useless.
Including PGP Desktop in the system image is highly discouraged and not supported. When the system image is deployed to a machine, install PGP Desktop only after the system has been imaged.
If PGP is included as an installed application in the system image, a full decryption of the systems and uninstall of PGP Desktop will be required.
Please see the following KB for more detailed information on how to remedy incorrectly deployed images of PGP Whole Disk Encryption:
- If using PGP Remote Disable & Destroy (RDD), it is critical to follow these strict requirements and not include PGP Desktop on the system image deployed to systems. Improper Device IDs on a system encrypted with PGP RDD enabled will cause rendezvous errors with PGP Universal Server and may lock the user out of the computer.
- Do not remove the MACHINEGUID in the registry. This can cause logging errors and unexpected behavior in the software. Please see TECH203267 for more information.
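To check whether a rolled-out image has already duplicated MACHINEGUID, a fleet inventory can be audited for repeated or absent values. The script below is an added example, not Symantec tooling: the CSV layout, column names and sample rows are constructed assumptions, and how the value is collected from each endpoint is left to your inventory tool.

```python
import csv
import io
from collections import defaultdict

# Constructed sample inventory (not real data): one row per endpoint, as might be
# exported by an asset-inventory tool. Column names are assumptions.
SAMPLE_INVENTORY = """hostname,machineguid
WS-001,{3F2504E0-4F89-11D3-9A0C-0305E82C3301}
WS-002,3f2504e0-4f89-11d3-9a0c-0305e82c3301
WS-003,{9B2C1D7A-6E41-4C58-8F0A-2D5E7A1B4C90}
WS-004,
WS-005, {3F2504E0-4F89-11D3-9A0C-0305E82C3301}
WS-006,{C1A7E5D2-0B38-4F6E-9A44-71D2E8B05F13}
"""


def normalize_guid(raw):
    """Canonical form so brace, case and whitespace differences do not hide a clone."""
    return raw.strip().strip("{}").lower()


def audit_machineguids(csv_text):
    """Return (duplicates, missing).

    duplicates: {guid: sorted hostnames} for every GUID seen on more than one host.
    missing: sorted hostnames that reported no MACHINEGUID at all.
    """
    hosts_by_guid = defaultdict(set)
    missing = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        host = (row.get("hostname") or "").strip()
        guid = normalize_guid(row.get("machineguid") or "")
        if not host:
            continue
        if guid:
            hosts_by_guid[guid].add(host)
        else:
            missing.add(host)
    duplicates = {g: sorted(h) for g, h in hosts_by_guid.items() if len(h) > 1}
    return duplicates, sorted(missing)


if __name__ == "__main__":
    duplicates, missing = audit_machineguids(SAMPLE_INVENTORY)
    for guid, hosts in duplicates.items():
        print(f"DUPLICATE {guid}: {', '.join(hosts)}")
    for host in missing:
        print(f"MISSING MACHINEGUID: {host}")
```

Hosts that share a value are candidates for the decrypt-and-uninstall remediation described above; hosts with no value should be investigated rather than left as they are, since the article warns against removing MACHINEGUID.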