File Share Encryption

  • 1.  Changing Keymode & Going from Unmanaged to Managed

    Posted Sep 19, 2012 11:15 AM

    Hi,

    I am faced with the possible scenario of going from Unmanaged to Managed PGP Desktops (WDE), which is fine; it'll just be a matter of deploying the registry entry key via group policy.

    The question I have is what keymode would I be able to use?  If I wanted to use SKM, would I have to manually export all the keys from all the endpoints and then put them on the server?  Or is there a facility to do this?



  • 2.  RE: Changing Keymode & Going from Unmanaged to Managed

    Posted Oct 23, 2012 04:26 PM
    If this is a WDE-only deployment, without 2Factor Auth, then SKM would be the best choice. You can either migrate the existing keys manually or automatically. For the latter, the challenge is that all keys that were previously created on the different clients must 100% match the Key Settings in your consumer policy. Also, the user must go to the full enrollment screen (no silent enrollment), where he has to pick his key in case he has multiple ones. If the existing key does not match the policy, a new one will be created instead. But for WDE only it does not matter, because it will not be used for encrypting the disk if you don't use 2Factor-Auth (Smartcards/Token). I had a similar challenge at a WDE customer, where we just created new keys instead of using existing (self-generated) ones and used silent enrollment.


  • 3.  RE: Changing Keymode & Going from Unmanaged to Managed

    Posted Oct 31, 2012 11:51 AM

    Thanks for the reply

    Is it possible for a new key to be generated, then the existing key be added to each user (manually)?