File Share Encryption


Adding users to laptops via PGP Server

  • 1.  Adding users to laptops via PGP Server

    Posted Jan 16, 2013 08:50 AM

    I have a user that I need to add to over 200 laptops...

    Without "touching" each laptop is it possible to "push" a User and the user's password to a laptop via the PGP server???


  • 2.  RE: Adding users to laptops via PGP Server

    Posted Jan 16, 2013 09:16 AM

    Yes, you can do a silent SSO enrolling

     

    http://www.symantec.com/business/support/index?page=content&id=HOWTO77014 



  • 3.  RE: Adding users to laptops via PGP Server

    Posted Jan 16, 2013 10:09 AM

    When I click on the URL I get the following:

    'The URL you've tried isn't returning content. There are two possibilities:



  • 4.  RE: Adding users to laptops via PGP Server

    Posted Jan 16, 2013 10:13 AM

    When I click on the URL I get the following:

    Page Not Found

    The page you requested was not found. You may have used an outdated link or may have typed the address (URL) incorrectly.
     



  • 5.  RE: Adding users to laptops via PGP Server

    Posted Jan 16, 2013 10:20 AM


  • 6.  RE: Adding users to laptops via PGP Server

    Posted Jan 16, 2013 10:33 AM

    That's not what I need... This URL entails a user physically logging into the machine... In fact, this user is not allowed to log into Windows...

    This is a "backdoor" account for our Help Desk, this user is denied logging into Windows via a Group Policy... This user will only be used to get a User past the PGP bootguard screen and to a Windows Logon screen... And NO, we cannot give the Help Desk the WDE Administrator passphrase...

    I already have this account on 25% of the laptops, but I need it added to the other 75%... And manually touching each laptop to add the account is unacceptable ( as well as undoable )...

    So I was hoping I could add the User to the remaining laptops via the PGP Server console...

    Clear as mud !



  • 7.  RE: Adding users to laptops via PGP Server

    Posted Jan 16, 2013 12:03 PM

    You can't push a password to a laptop definitely. But from a security standpoint, if this is a single user and a single password that can unlock the drive of over 200 laptops, that sort of makes the disk being encrypted pointless and if you have to do this for any sort of regulatory compliance it won't cut the mustard.

     

    This sounds to me like the reason the recovery tokens were put into PGP, for single use help desk scenarios to bypass a forgotten password or something along those lines, won't that do the job?



  • 8.  RE: Adding users to laptops via PGP Server

    Posted Jan 16, 2013 12:20 PM

    Actually, our Security Analyst is the one that recommended us putting a "backdoor" on the laptops...

    As for the Help Desk using the recovery tokens... Have you ever tried giving an IRATE doctor a 28 character key to type in at 1 o'clock in the morning !!!!

    All of our laptops are for Doctors and they will NOT tolerate having to type in a 28 character key...

    My response is: Don't forget your password dumbass! ...  But, unfortunately, we can't tell them that...

    Therefore, the "backdoor" passphrase...

    Any other idea as to how I can accomplish this feat ???



  • 9.  RE: Adding users to laptops via PGP Server
    Best Answer

    Posted Jan 17, 2013 04:04 AM

    You can do this by pushing a batch script, but you will also have to specify your admin passphrase to add a user.

    pgpwde --disk 0 --add-user -u <backdoor user> -p <password> -a <admin passphrase>



  • 10.  RE: Adding users to laptops via PGP Server

    Posted Jan 17, 2013 04:48 AM

    Horses for courses, I guess - you could have also done the security questions, but if that was also unacceptable you could add them via cmd line.



  • 11.  RE: Adding users to laptops via PGP Server

    Posted Jan 17, 2013 06:23 AM

    Pushing a batch script... That's not a bad idea!

    If I use a batch script, wouldn't I need to use something like PSEXEC, since the script would be adding a user to a remote machine?

     



  • 12.  RE: Adding users to laptops via PGP Server

    Posted Jan 18, 2013 02:51 PM

    Thanks for everyone's help... Got it working on remote laptops using a batch script + PSEXEC...
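
Added example, not part of any post in this thread: the `pgpwde` command in the best answer takes the user password (`-p`) and the admin passphrase (`-a`) as command-line arguments, so both end up in the batch file and in any process-creation log that records command lines. This Python script scans command lines for that invocation, reports which secrets were exposed and redacts their values; the sample lines, the `C:\Tools` path and the `helpdesk` user name are constructed.

```python
import shlex

# Options in the thread's pgpwde command whose following argument is a secret.
SECRET_OPTS = {"-p": "user password", "-a": "admin passphrase"}

# Constructed process-creation command lines (sample data, not real logs).
# The C:\Tools path and the "helpdesk" user name are made up for illustration.
SAMPLE = [
    r'cmd.exe /c pgpwde --disk 0 --add-user -u helpdesk -p Ex1 -a "Example Admin 2"',
    r'"C:\Tools\PGP Example\pgpwde.exe" --disk 0 --add-user -u helpdesk -p Ex1 -a Ex2',
    r'ping -a 10.0.0.5',
    r'pgpwde --disk 0 --add-user -u helpdesk -p "unterminated',
]

def tokenize(cmdline):
    """Split a Windows-style command line, keeping quoted arguments whole."""
    try:
        return shlex.split(cmdline, posix=False)  # backslashes stay literal
    except ValueError:  # unbalanced quote: fall back to whitespace split
        return cmdline.split()

def is_pgpwde(token):
    """True if the token is the pgpwde executable, with or without a path."""
    exe = token.strip('"').replace("\\", "/").rsplit("/", 1)[-1].lower()
    return exe in ("pgpwde", "pgpwde.exe")

def scan(cmdline):
    """Return (redacted_cmdline, exposed_secret_labels) for one command line."""
    tokens = tokenize(cmdline)
    start = next((i for i, t in enumerate(tokens) if is_pgpwde(t)), None)
    if start is None:
        return cmdline, []  # not a pgpwde call: leave untouched
    out, exposed = tokens[:start + 1], []
    i = start + 1
    while i < len(tokens):
        out.append(tokens[i])
        if tokens[i] in SECRET_OPTS and i + 1 < len(tokens):
            exposed.append(SECRET_OPTS[tokens[i]])
            out.append("<redacted>")
            i += 1  # skip the secret value itself
        i += 1
    return " ".join(out), exposed

def findings(cmdlines):
    """List (line_number, exposed_labels, redacted_cmdline) for each hit."""
    return [(n, exposed, red) for n, c in enumerate(cmdlines, 1)
            for red, exposed in [scan(c)] if exposed]

if __name__ == "__main__":
    for n, exposed, red in findings(SAMPLE):
        print(f"line {n}: {', '.join(exposed)} on command line -> {red}")
```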