Screencasts - Hilfsvideos

Adding users to laptops via PGP Server

Created: 16 Jan. 2013 • Aktualisiert: 18 Jan. 2013 | 11 Kommentare
Dieses Problem wurde gelöst. Siehe Lösung.

I have a user that I need to add to over 200 laptops...

Without "touching" each laptop is it possible to "push" a User and the user's password to a laptop via the PGP server???

Kommentare KommentareZum neuesten Kommentar

das Bild der Alex_CSTs

Yes, you can do a silent SSO enrolling

Please mark posts as solutions if they solve your problem!

das Bild der DannyPGs

When I click on the URL I get the following:

'The URL you've tried isn't returning content. There are two possibilities:

das Bild der DannyPGs

When I click on the URL I get the following:

Page Not Found

The page you requested was not found. You may have used an outdated link or may have typed the address (URL) incorrectly.

das Bild der Tom Mcs


When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

das Bild der DannyPGs

That's not what I need... This URL entails a user physically logging into the machine... In fact, this user is not allowed to log into Windows...

This is a "backdoor" account for our Help Desk, this user is denied logging into Windows via a Group Policy... This user will only be used to get a User past the PGP bootguard screen and to a Windows Logon screen... And NO, we cannot give the Help Desk the WDE Administrator passphrase...

I already have this account on 25% of the laptops, but I need it added to the other 75%... And manually touching each laptop to add the account is unacceptable ( as well as undoable )...

So I was hoping I could add the User to the remaining laptops via the PGP Server console...

Clear as mud !

das Bild der Alex_CSTs

You can't push a password to a laptop definately.  But from a security standpoint, if this is a single user and a single password that can unlock the drive of over 200 laptops, that sort of makes the disk being encrypted pointless and if you have to do this for any sort of regulatory compliance it won't cut the mustard.

This sounds to me like the reason the recovery tokens were put into PGP, for single use help desk scenarios to bypass a forgotten password or something along those lines, won't that do the job?

Please mark posts as solutions if they solve your problem!

das Bild der DannyPGs

Actually, our Security Analyst is the one that recommeded us putting a "backdoor" on the laptops...

As for the Help Desk using the recovery tokens... Have you ever tried giving an IRATE doctor a 28 character key to type in at 1 o'clock in the morning !!!!

All of our laptops are for Doctors and they will NOT tolerate having to type in a 28 character key...

My response is: Don't forget your password dumbass! ...  But, unfortunately, we can't tell them that...

Therefore, the "backdoor" passphrase...

Any other idea as to how I can accomplish this feat ???

das Bild der vaibhav_jain1s

You can do this by pushing a batch script, but you will also have to specify your admin passphrase to add a user.

pgpwde --disk 0 --add-user -u <backdoor user> -p <password> -a <admin passphrase>

das Bild der Alex_CSTs

Horses for courses I guess, - you could have also done the security questions but if that was also unacceptable you could add them via cmd line

Please mark posts as solutions if they solve your problem!

das Bild der DannyPGs

Pushing a batch script... That's not a bad idea!

If I use a batch script, wouldn't I need to use something like PSEXEC, since the script would be adding a user to a remote machine?

das Bild der DannyPGs

Thanx for everyone's help... Got it working on remote laptops using a batch script + PSEXEC...