File Share Encryption

Currently we only encrypt laptop devices. The hardware varies between old HP laptops to more current Dells. Mostly still running windows XP with a good portion running windows 7. We've run reports from SCCM and from PGP to try and determine what we have for devices and their encryption state. We have about 100 devices that are reporting not encrypted or partially encrypted. It has been asked that these devices not be connected to our network until they are fully encrypted. It has been asked that we script something that runs on start up on a laptop that checks the status of the encryption and then disconnects them from the network if not fully encrypted. Does PGP store this kind of information in the registry or another file on the PC? The thinking is, the information has to be somewhere because it is passed to the PGP server when the device synchronizes. Thanks for any help that can be provided.

I think I may have found the answer here: http://www.symantec.com/connect/forums/query-pgp-desktop-drive-encryption-status

yeah,

%programfiles%\PGP Corporation\PGP\pgpwde --status --xml will give you an XML output of the drive encryption status.

You should be able to open command line as an administrator and do the following:

C:\>cd "program files (x86)\pgp corporation\pgp desktop"

C:\Program Files (x86)\PGP Corporation\PGP Desktop>pgpwde --status --disk 0
 

Your output should look something like this:

Disk 0 is instrumented by bootguard.
  Encryption process interrupted by user request
  Current key is valid.
Drive encrypted
  Total sectors: 625139712 highwatermark: 212756590 reserved start sectors: 2
Failed login attempt lockout enabled. Max failures=5
Request sent to Disk status was successful

The highwater mark is where the encryption is at in relation to the total sectors.

This should give us the information needed. Thanks for the replies.