Best practices for PGP WDE process?
Hey guys, I was just trying to get some user community feedback on how best to set up new users in PGP WDE. We have the latest version of PGP Desktop and are only really taking advantage of the WDE piece of our Universal Server (we don't use the email stuff and aren't doing anything crazy with encrypting/blocking external drives).
It's really our process of setting up new users that I'm kind of uncertain about. Right now, we install PGP Desktop 10 on a new machine prior to deployment, then send the end-user instructions on how to create a passphrase and private key. This works for the most part, but we have to do constant checks against the Universal Server to see if the user actually did it. Does anyone else who uses WDE have a more efficient setup?
We've turned off the automated password recovery option, so if someone forgets their passphrase we send them a recovery token and then have them create a new passphrase at login. We were thinking maybe we could encrypt the drives beforehand - from the new user's login - then when deploying it send them the recovery token and just tell them a new passphrase would need to be created. My problem with that is that if the user canceled the "new passphrase" screen that pops up, we'd have to send them a token again.
Any ideas? Thanks!