File Share Encryption

I have an evalutaion version of  Symatec Encryption  Desktop i have been given a license number so i can use it for an x amount of days.

i'm testing the Stand Alone version, i use the syntax below to install the product and thats all fine, but how do i add the license number so i can avoid the "Licensing Assistant" as per the screenshot

msiexec /i pgpdesktop.msi PGP_INSTALL_WDE=1 PGP_INSTALL_SSO=1 PGP_INSTALL_MAPI=0 PGP_INSTALL_NOTES=0 PGP_INSTALL_LSP=0 PGP_INSTALL_RDD=1 PGP_INSTALL_MAPI_PLUGIN=0

When i run this :

"C:\Program Files\PGP Corporation\PGP Desktop\pgpwde.exe" --secure --disk 0 --username admin --passphrase "password01!" --all

I get an error "Failed to import license Number" , i think this may be happening as i have not added a license...ideally i will be adding this to a Windows 7 Image that is Sysprep how do i streamline this step?

If you have just an evaluation version why are you using sysprep to deploy it?  How many users are you going to be deploying this to eventually?

Have you also got the Universal (Encryption) Server?

Hi Alex,

I'm testing it to see how well this can be automated into our SOE, The user base will be +20 basically anyone who has a laptop or any new laptops we commissioned with.

I dont have the Universal Server, thats the other thing im trying to figure out if we need the Universal server for the amount of users and we are only purely interested in the HDD encryption and nothing else.

Cheers

I strongly recommend a Universal Server.

For one, you won't encounter this problem.

Secondly, you will have 3 distinct administrative backdoors to unlock the laptops for patching, forgotten passwords etc.

If you have an EU who changes the password and forgets it, that's it.  No backdoor (apart from the silly recovery questions)  With a universal server you have Whole Disk Recovery Tokens, Administrative Bypass, ADKs, all this lovely stuff to make your job a lot easier.

You can even customise the bootguard with your company colour schemes :)

Hi Dvallejos81,

1. To deploy the Symantec Drive Encryption (SED) client (PGP Desktop), prefer a post install script or so. System images (Sysprep) are unsupported and can cause issues in the future. See: Deploying System Images with PGP Desktop (unsupported configuration) :: www.symantec.com/business/support/index?page=content&id=TECH149261

2. The standalone version was meant to be licensed via the assistant.

3. Besides other benefits, using the Symantec Encryption Management Server (SEMS) with Symantec Drive Encryption (SED) allows you to configure some recovery options, which should be enabled and must be defined according company policy/local regulations.

• Enable Whole Disk Recovery Tokens
• Encrypt Windows Drive Encryption disks and PGP Virtual Disks to a Disk Administrator Key
• Encrypt Drive Encryption disks to a Disk Administrator Passphrase

Note that, if none of the options above was enabled *before* losing access to the disk, it will not be possible to access to the content because the records cannot be modified after losing access to the disk.

Hope this helps!

Hi dcats

Thanks for your help.

I have been given Symantec PGP Evaluation Keys for Versions 10.1/3.1 :

We are only purely interested in  just Encrypting the HDD and perhaps any external USB's attached to our laptops.

From an Admin point of view as far as deployment and managing just that product which one would you think would suit us best, we would be looking at doing this for any future laptops we have and perhaps 30+ users now.

We would like to install the product Post Sysprep on our Laptops with a standard passphrase\password all Silently\Admin install to minise user interaction.

Ive tried this "Symantec PGP Desktop Corporate/Client" but i was not just totally convince i could automate the whole process.

Any thoughts.

Just a heads up.  You cannot whole disk encrypt flash drives.  It can do external HDDs, but not flash drives.