Check-in feature for PGP Universal Server

Created: 21 Oct 2011 • Updated: 21 Oct 2011 | 2 comments

My company is currently running on PGP Universal Server 3.1 with our workstations utilizing PGP Desktop 10.2. My question is, does Universal Server have the ability to lock out a remote system if it does not communicate with the Universal Server over a period of time? I know there are other solutions (i.e. Beachhead, McAfee, etc.) out there that have this feature. Just wanted to know if PGP Universal Server had this capability.


Tom Mc

Offline Policy may be what you are interested in. The following is from the User's Guide:

Offline policy allows administrators to control how PGP Desktop processes messages when it can access the mail server but not PGP Universal Server. Each consumer policy can specify different offline policy behavior. PGP Desktop uses offline policy instead of local policy to process messages.
In Mail Policy (Mail > Mail Policy), the default offline policy messaging rules are laid out in the Default: Standalone policy chain. You can also create customized standalone rule chains. Standalone chains can only contain conditions and actions PGP Desktop can perform without PGP Universal Server. For example, you cannot have dictionary searches in a standalone chain.
You can also specify that PGP Desktop should always use the standalone mail policy whether PGP Universal Server is available or not.
There are 4 settings that control offline policy behavior.

From Consumer Policy > Policy Options > PGP Desktop > Messaging and Keys:

- Mail Policy. Specifies how PGP Desktop processes messages when it can access the mail server but not PGP Universal Server. Select one of the following options.
  - Standalone: PGP Desktop always enforces the selected Standalone mail policy locally, regardless of whether PGP Universal Server is reachable. The client only contacts PGP Universal Server for policy updates and to upload logs. If you also disable policy updates and uploading logs, the client will never contact PGP Universal Server again after enrollment.
  - Offline: Standalone: PGP Desktop enforces the selected Standalone mail policy locally whenever PGP Universal Server is unreachable. PGP Desktop follows normal mail policy when it can reach PGP Universal Server.
  - Offline: Block: If PGP Universal Server is unreachable, PGP Desktop queues or blocks outgoing messages. PGP Desktop follows normal mail policy when it can reach PGP Universal Server.
  - Offline: Send Clear: If PGP Universal Server is unreachable, PGP Desktop sends outgoing messages in the clear, with user confirmation. PGP Desktop follows normal mail policy when it can reach PGP Universal Server.
- If client fails to download policy for X days/hours/minutes. Specifies how PGP Desktop processes messages when it has not been able to download policy for the specified period of time.
  - Block outbound message. Blocks outgoing messages after the specified period of time.
  - Apply last downloaded policy. PGP Desktop continues to use the last policy settings downloaded. Choose this option if you turn off the setting Download policy updates from PGP Universal Server, because otherwise PGP Desktop will permanently block all outgoing messages after the specified time period.

From Consumer Policy > Policy Options > PGP Desktop > General:

- Send client logs to PGP Universal Server every X days/hours/minutes. Specifies how often PGP Desktop contacts PGP Universal Server to send client logs. If you turn off this setting, PGP Desktop will never upload client logs.
- Download policy updates from PGP Universal Server every X days/hours/minutes. Specifies how often PGP Desktop should attempt to download policy. If you deselect this, PGP Desktop will never contact PGP Universal Server to get new policy. If you turn off this setting, select Apply last downloaded policy from the setting If client fails to download policy, or PGP Desktop will permanently block all outgoing messages after the specified time period.

When you consider your issue resolved, please click Mark As Solution on the most helpful response.
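
Added example (not part of the original thread or of Symantec's documentation): a small Python audit of the four offline-policy settings quoted from the User's Guide above, flagging the combinations the guide itself describes, such as a client that never contacts the server again after enrollment. The `ConsumerPolicy` fields, the finding names and the sample policies are constructed for illustration and are not a PGP Universal Server export format.

```python
from dataclasses import dataclass

# Option labels as they appear in the quoted User's Guide text.
BLOCK = "Block outbound message"
APPLY_LAST = "Apply last downloaded policy"

@dataclass
class ConsumerPolicy:            # hypothetical model of the four settings
    name: str
    mail_policy: str             # "Standalone", "Offline: Standalone", "Offline: Block", "Offline: Send Clear"
    on_download_failure: str     # BLOCK or APPLY_LAST
    download_policy_updates: bool
    send_client_logs: bool

def audit(p):
    """Return finding names (constructed labels) for one consumer policy."""
    findings = []
    # Guide: with policy downloads off and "Block outbound message" selected,
    # the client permanently blocks outgoing mail once the period elapses.
    if not p.download_policy_updates and p.on_download_failure == BLOCK:
        findings.append("permanent-block")
    # Guide: Standalone with policy updates and log upload both disabled means
    # the client never contacts the server again after enrollment.
    if (p.mail_policy == "Standalone" and not p.download_policy_updates
            and not p.send_client_logs):
        findings.append("no-check-in")
    # Guide: outgoing mail goes in the clear (with user confirmation) when the
    # server is unreachable.
    if p.mail_policy == "Offline: Send Clear":
        findings.append("clear-when-offline")
    # Guide: the client keeps using the last downloaded policy, so a missed
    # check-in does not stop outbound mail.
    if p.download_policy_updates and p.on_download_failure == APPLY_LAST:
        findings.append("no-lockout-on-missed-check-in")
    return findings

# Constructed sample policies.
SAMPLE = [
    ConsumerPolicy("Laptops", "Offline: Block", BLOCK, True, True),
    ConsumerPolicy("Kiosk", "Standalone", BLOCK, False, False),
    ConsumerPolicy("Field", "Offline: Send Clear", APPLY_LAST, True, True),
]

def audit_all(policies):
    return {p.name: audit(p) for p in policies}

if __name__ == "__main__":
    for name, found in audit_all(SAMPLE).items():
        print(name, found or ["ok"])
```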


Julian_M

Well, if your keys are set SKM (Server Key Mode), they are stored server side, not client. If the user hasn't logged in to PGP Desktop for 3 months, their keys will expire.

Also, I'm thinking that you are looking for the Remote Disable & Destroy feature.

This is useful when a laptop is stolen.

You can find out more about this in the Administrator guide:

http://www.symantec.com/business/support/resources...

When you consider the issue resolved, please click Mark As Solution on the post that best provided the solution.