Video Screencast Help

Changing Keymode & Going from Unmanaged to Managed

Created: 19 Sep 2012 | 2 comments
Alex_CST's picture


I am faced with the possible scenario of going from Unmanaged to Managed PGP Desktops (WDE) which is fine, itll just be a matter of deploying the registry entry key via group policy.

The question I have is what keymode would I be able to use?  If I wanted to use SKM would I have to manually export all the keys from all the endpoints then put them on the server?  Or is there a facility to do this:?

Comments 2 CommentsJump to latest comment

mwoj's picture

If this is a WDE only deplyolment, without 2Factor Auth, then SKM would be the best choice.

You can either migrate the existing keys manually or automatically. For the last one the challange is here that all keys that previously created on the different clients must 100% match the Key Settings in your consumer policy.
Also the USer must to to the full enrollment screen (no silent enrollment) where he does to pick his key in case he does have multiple ones.

If the existing Key does not match the policy, a new one will be created instead.
But for WDE only it does not matter because it will not be used for encrypting the disk if you don't use 2Factor-Auth (Smartcards/Token).

I had a similar challange at a WDE cusotmer where, we just created new keys instead using existing (self generated ones) and used silent enrollment.

Alex_CST's picture

Thanks for the reply

Is it possible for a new key to be generated, then the existing key be added to each user (manually)?

Please mark posts as solutions if they solve your problem!