Add a New User to an Existing PGP Whole Disk Encrypted Disk

Article: TECH149817  |  Created: 2010-05-17  |  Updated: 2012-02-03  |  Article URL: http://www.symantec.com/docs/TECH149817
Article Type
Technical Solution


Issue




This article details how to add an additional or new user to an encrypted disk without using the passphrase for the existing user.

 


Solution




In a PGP Universal Server managed environment, you can add a new user to an encrypted disk by authenticating at the PGP BootGuard screen with the existing user's whole disk recovery token (WDRT) and then adding the new user to the disk from the command line. This lets you add a new user to the disk without knowing the existing user's passphrase.

Whole disk recovery tokens are associated with encrypted devices, not single computers or single users. If multiple users have accounts on the same device, they share the same whole disk recovery token. Whatever you do with the token affects all users sharing that device.

To add a new user to an encrypted disk:

  1. Log into the PGP Universal Server admin interface.
  2. Click Consumers > Users and then browse for and select the existing user. The user information is displayed.
  3. Expand Whole Disk Encryption and click the icon in the WDRT column. The WDRT is displayed.
  4. Record the WDRT for the system and use the WDRT to authenticate at the PGP BootGuard on the client computer.
  5. On the client computer, open a Windows command prompt.
  6. Browse to the PGP Desktop directory: C:\Program Files\PGP Corporation\PGP Desktop (32-bit) or C:\Program Files (x86)\PGP Corporation\PGP Desktop (64-bit)
  7. Type pgpwde --add-user -u <username> --passphrase <passphrase> --rt <wdrt> and then press Enter.

The new user is added using the WDRT for authentication.
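
Steps 5 to 7 as a script, given here as an added example that is not part of the original article or Symantec's tooling. It assumes the script is run from PowerShell rather than the Windows command prompt, that the executable is named pgpwde.exe, and that it returns exit code 0 on success; the UserName parameter and the ConvertTo-PlainText helper are hypothetical names.

```powershell
# Added example: wraps steps 5-7. Run on the client computer after
# authenticating at PGP BootGuard with the WDRT.
param(
    [Parameter(Mandatory = $true)]
    [string]$UserName   # hypothetical parameter: the new user to add
)

# The two install locations listed in step 6 (32-bit and 64-bit Windows).
$candidates = @(
    'C:\Program Files\PGP Corporation\PGP Desktop',
    'C:\Program Files (x86)\PGP Corporation\PGP Desktop'
)
# Assumption: the pgpwde command in that directory is pgpwde.exe.
$pgpwde = $candidates |
    ForEach-Object { Join-Path $_ 'pgpwde.exe' } |
    Where-Object { Test-Path -LiteralPath $_ } |
    Select-Object -First 1
if (-not $pgpwde) { throw 'pgpwde.exe not found in either PGP Desktop directory.' }

# Hypothetical helper: turn a SecureString into plain text and wipe the
# unmanaged copy as soon as it has been read.
function ConvertTo-PlainText([System.Security.SecureString]$Secure) {
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
    try { [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
}

# Prompt without echo so neither secret is typed into the console
# scrollback or the shell's command history.
$pass1 = ConvertTo-PlainText (Read-Host -AsSecureString 'New user passphrase')
$pass2 = ConvertTo-PlainText (Read-Host -AsSecureString 'Confirm passphrase')
if ($pass1 -cne $pass2) { throw 'Passphrases do not match; no user was added.' }
$wdrt = ConvertTo-PlainText (Read-Host -AsSecureString 'WDRT for this device')

# Same arguments as step 7. The secrets are still passed as process
# arguments, so they can appear in process command-line logging if enabled.
& $pgpwde --add-user -u $UserName --passphrase $pass1 --rt $wdrt
$exit = $LASTEXITCODE
Remove-Variable pass1, pass2, wdrt

# Assumption: a non-zero exit code means the user was not added.
if ($exit -ne 0) { throw "pgpwde exited with code $exit." }
Write-Host "User '$UserName' added using the WDRT for authentication."
```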

 



Legacy ID



2048

