File Share Encryption

 View Only

  • 1.  BOOTGUARD Bypass with SCCM deployment.

    Posted Dec 15, 2011 03:25 PM

    Hi,

    I use PGPWDE.exe -add-bypass --admin-authorization to bypass first computer reboot. It works if I use a previously loggued account, and if this account is in the right AD Groupe (WDE-ADMIN). I've tried the --admin-passphrase blabla and It works too.

    BUT...

    I need to push some update via SCCM 2007. These updates need one reboot...So I must create a package with PGPWDE command line, in SCCM.

    SCCM account are in WDE-ADMIN account.

    I'm unable to get the PGPWDE command working properly. Access denied occurs.

    My script is very simple and looks like:

    MD BEGIN
    PGPWDE.exe -add-bypass --admin-authorization
    MD END
    CALC.EXE

    When SCCM pushes this script, I can check the results on some testing computers. BEGIN, END directories are here, and CALC is running. But..BYPASS didn't work.

    I do not understand how to make SCCM running thie PGPWDE command in order to bypass the patches process reboot.

    My question:

    - SCCM account is in WDE-ADMIN account
    - I need to run the Bypass command BEFORE adding monthly patches

    How ? Hellllllllllllllllllp.

    Thank you.



  • 2.  RE: BOOTGUARD Bypass with SCCM deployment.

    Posted Dec 19, 2011 06:23 PM

    Moving to the WDE forum



  • 3.  RE: BOOTGUARD Bypass with SCCM deployment.

    Posted Dec 20, 2011 01:43 PM

    pgpwde.exe is located in c:\program files\pgp corporation\pgp desktop or c:\program files<x86>\pgp corporation\pgp desktop for 64bit OS.

    Also, you are missing parameters, you may want to run:

    pgpwde --add-bypass --disk 0  -p password

     

    For additional help, run pgpwde --help

    If this addressed your question, please mark post as solution



  • 4.  RE: BOOTGUARD Bypass with SCCM deployment.

    Posted Dec 21, 2011 11:05 AM

    @Bazoune what version of PGP Desktop are you using? There is a known issue with using PGP Desktop 10.1.2 or 10.2 and newer with Windows PE where the pgpwde --add-bypass --disk 0 -p "passphrase here" command won't work. You get the access is denied error. Or it will say that you aren't a member of the wde-admins group so access is denied.

    This was fixed with 10.2 MP3, but introduced another error where the initilization strings fail to load for several languages. So that issue was fixed in 10.2 MP3 HF1 which is the lastest build of PGP Desktop available. you can obtain said build from support personal if you open a support case with them. They have to authorize you for download, since it is a hotfix. We will have a fix for these winPE problems included in 10.2 MP4 which is targeted for the end of Q1 in 2012 and that version of PGP will be generally available through Fileconnect/Symantec licensing portal.