Endpoint Encryption

 View Only

  • 1.  Bulk deployment symantec desktop encryption

    Posted Aug 05, 2014 04:21 AM

    Hi,

    We have over 500 users and i wanted to know if i can deploy symantec desktop encryption to all the computers in our domain

    looking forward to your assistance

     

    Thanks in advace



  • 2.  RE: Bulk deployment symantec desktop encryption
    Best Answer

    Broadcom Employee
    Posted Aug 05, 2014 08:59 AM

    Hi, isuleiman

    Deployment of the Symantec Encryption Desktop can be done via AD GPO or SCCM so you can follow below KB:

    http://technet.microsoft.com/en-us/library/bb742376.aspx

    https://www-secure.symantec.com/connect/forums/deploying-pgp-desktop-sccm

    Installation of PGP can be also done in different ways to minimize end user involvement.

    Here is a KB:

    HOWTO: Configure Invisible Silent Enrollment for Symantec Encryption Desktop Clients
    http://www.symantec.com/docs/HOWTO77014

    Look also into the folowing KB as well please:

    Deploying Symantec Drive Encryption and PGP Whole Disk Encryption Clients
    http://www.symantec.com/docs/TECH188618

    HTH

     

     



  • 3.  RE: Bulk deployment symantec desktop encryption

    Posted Aug 05, 2014 01:06 PM

    Are you planning on managing the clients with a Symantec Encrytion Management Server (SEMS)?  If not, it may be a lot of additional work setting the product up on each system.  You could still deploy in bulk, but you would have to license each system, then set up the feaures you wish to use, etc.

    If you are using a SEMS, you can deploy via any of the normal bulk deployment methods, and the impact for the end user can be minimalized depending on the policy settings set on the SEMS.



  • 4.  RE: Bulk deployment symantec desktop encryption

    Posted Aug 06, 2014 01:08 AM

    Thanks for your reply Adam, am looking into the links you have provided



  • 5.  RE: Bulk deployment symantec desktop encryption

    Posted Aug 06, 2014 01:09 AM

    Yes am planning on using SEMS for bulk deployment and central management
     



  • 6.  RE: Bulk deployment symantec desktop encryption

    Posted Aug 07, 2014 03:58 PM

    Ok.  Just to clarify, the SEMS does not have any push functionality whatsoever.  It does generate installers which can then be pushed via GPO or other third-party endpoint management software.

    Basically, the SEMS manages policies per user group, which can be defined manually or by synchronizing with Active Directory.  These policies control what features are activated, what features a user has access to, whether or not they have permissions to access/control the features, and whether or not the drive is encrypted automatically when the end user enrolls to the server.  It also handles key management and recovery options.

    In its simplest (for the end user) form, the user would just enter their AD credentials at an enrollment popup, and the software would handle the rest without any additional user interaction.