Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Encryption Blog

Deploying Full Disk Encryption with PGP Whole Disk Encryption Workgroup Edition

Created: 01 May 2009 • Updated: 05 Nov 2012
Shilpi Dey's picture
0 0 Votes
Login to vote

sdeyShilpi Dey- Product Marketing Manager

PGP Corporation recently announced a new product - PGP® Whole Disk Encryption Workgroup Edition which is specifically tailored to protect small companies and enterprise workgroup’s data on laptops, desktops and USB devices while supporting compliance requirements. PGP Whole Disk Encryption Workgroup Edition provides administrators a simple, intuitive and easy-to-use solution to manage and deploy full disk encryption.  The beauty of this solution is that there is no need to manage servers or databases nor does it require additional dedicated hardware.

PGP Whole Disk Encryption Workgroup Edition consists of a management application (PGP® Whole Disk Encryption Controller) and PGP® Whole Disk Encryption client software. The management application is used to configure policy and create client installers that are pre-configured with the established policy. Once deployed, the management application can also be used to view status reports on the deployment.

PGP Whole Disk Encryption Controller runs on any computer with:
32-bit versions of Microsoft Windows 2000, Windows XP, or Windows Vista
Internet Explorer version 6.0 or later.

Before you deploy PGP Whole Disk Encryption Workgroup Edition, create an accessible shared folder on the network. This folder stores the log files and Whole Disk Recovery Tokens  (WDRT) used to help users who may have lost or forgotten their passwords for all of the PGP Whole Disk Encryption installations. The shared folder must be accessible by all installations of the deployment, and should be Common Internet File System (CIFS) compliant. Although using a shared folder is highly recommended, it is not required. When not using such a shared folder, for example in a very small workgroup situation where a share is unavailable, the WDRTs are encrypted to the PGP® Whole Disk Encryption administrator key and stored on the local disk. In these situations, you might need to instruct the user to send the WDRT to the administrator for safekeeping in the event the user loses the passphrase or needs help accessing the system.

1.    Run the PGP Whole Disk Encryption Controller on any existing Microsoft Windows system (Windows 2000, XP or Vista) by double-clicking the PGPWholeDiskEncryptionController.exe file.

2.    Click Change... next to Administrator Options to configure the PGP WDE administrator key and the shared folder location. The Administrator Options dialog box appears.  Click Import, browse to and select the file that contains the exported public key you created for the administrator key, and then click Open.

3.    In the Network Path text box, type the fully-qualified path to the shared folder (for example, smb://user:password@server/share). Click Finish.

4.    Enter your license information.

wde-we-main1

5. Select the “Whole Disk Encryption” tab. Check the options for single sign-on and removable devices (or leave default).

wde-we-controller-policy

6.    Click “Save Client”. This “stamps” out a PGP® Whole Disk Encryption client installer that can be deployed on any Microsoft Windows system, using third-party deployment tools. For file-level encryption for those “uber-secret” files, easily configure file and zip encryption options under the “File & Disk” tab. For more information, please refer to the PGP Whole Disk Encryption Controller Quick Start Guide that is included with the product, or visit the PGP Support Knowledge Base .