File Share Encryption

  • 1.  Does PGP WDE Client use SIDs as the unique identifier?

    Posted Mar 02, 2012 12:49 PM

    The organisation I work for recently received new Dell Latitude E6520s; they were standard imaged before hitting desks.

    We have found now that after users enroll their password, the machine is being listed under the incorrect asset name on PGP Universal, so if a WDRT is required it doesn't work. There appear to be some duplicate SIDs on the network; is this the cause?

    If this is the case, is there an easy fix without having to re-image and sysprep the machines?

    The machines are running Windows 7 Professional 64-bit

    PGP Universal 3.2.0 build 2401 and the PGP client is version 10.2.0 64-bit



  • 2.  RE: Does PGP WDE Client use SIDs as the unique identifier?

    Posted Mar 05, 2012 04:01 AM

    By standard imaged do you mean by yourselves? Was PGP Desktop included in this image? PGP Desktop uses a MACHINEGUID when enrolling, and if more than one machine has the same MACHINEGUID then you can run into problems similar to what you describe. The following will help prevent this in the future:

    Deploying System Images with PGP Desktop

    However, this won't help existing machines. You could write a script to push to the machines to change the GUID (mentioned in the link) of the machines with matching GUIDs, assuming you can establish what the similar GUID is. I've had to throw something together myself before, so I might be able to give some pointers for a script if needed (assuming I can find the original script).

    You also mentioned duplicate SIDs on the network. This could be the cause if the above doesn't apply, in which case there's a tool called NewSID that can generate a new SID for a machine. However, this was retired as Microsoft didn't believe duplicate SIDs on a Domain or Workgroup made a difference, so may not be relevant, so I'd look back at the PGP GUID.



  • 3.  RE: Does PGP WDE Client use SIDs as the unique identifier?

    Posted Mar 05, 2012 12:09 PM

    Even after changing machine GUIDs you will still need to do manual cleanup on the PGP Universal server afterwards. I would first make sure that the new GUIDs for those machines register on the PGP Universal Server. Then, you should be able to delete the old device records referencing that old machine GUID. The next time the PGP Desktop client communicates with the PGP Universal server (after changing the machine GUID) it will create a new device record with the new machine GUID as well.