File Share Encryption

Hello I have been trying Symantec Desktop Encryption (SymantecEncryptionDesktopWin64-10.3.2MP2) at home before I use it at work for my employer.

I tested it by encrypting a small USB flash drive. All went well. After I ejected the drive from my W7 Pro 64 bit machine I plugged it back in and was asked for a password by the Symantec software. Great. Typed it in and drive was available to me in My Computer.

I ejected it again and plugged it back in and this time declined to enter password. Hit cancel.

After this I looked around for a Unlock or Mount button but could not find one.

So how does a person Unlock a drive or Mount a drive if they decline the password prompt or accidentally cancel it?

I want to encrypt a storage drive at work ultimately but not necessarily have it open all the time. If I encrypt an internal storage drive how would a person unlock that if they decline the password prompt? (can't eject that)

I guess I am missing something and I realize this is a very (simple) question for a forum as involved as Symantec's but really could use a little nudge in the right direction.

Is there a Lock/Unlock or Mount/Unmount feature i am missing? (if decline password prompt)

Thank You for helping.

Hi,

If you click Cancel you are simply not being authenticated to the disk which means USB is instrumented, current key is valid but "Authentication is needed to decode dsk session key" to be able to get access Unlock the disk.

Have a look below:

C:\Program Files (x86)\PGP Corporation\PGP Desktop>pgpwde --status --disk 1
Disk 1 is instrumented by bootguard.
  Current key is valid.
Drive encrypted
  Total sectors: 7822080 highwatermark: 7822080
  Authentication needed to decode disk session key.
Request sent to Disk status was successful

So I don't think you can do it again directly from the GUI unless you unplug the USB drive and plug back in again but other method is simply to navigate to below path (Windows x64) of pgpwde command line

C:\Program Files (x86)\PGP Corporation\PGP Desktop>

and type

pgpwde --auth --disk 1 --u user1 --passphrase "XXXX"

Note: --disk 1 is USB disk

Now you can go to My Computer and try to get access to your USB drive, you should be able to see all files and folders

HTH

Great! That worked. I ended up finalizing on this:

pgpwde --auth --interactive -d 3 -k mynumberhere

I put it in a batch file and pinned to my start menu. It said somewhere keys are more secure than users and passwords so fooled around till I figured the above out.

Do you think they might at some point put Lock/Unlock in the Disk section of the app? Would be cool if they did. Don't want to make a file for each disk if choose not to unlock upon logging in but it is a solution for now.

I really appreciate you helping and letting me know about pgpwde!

Take care....

Hi i8ts,

I was not able to find (which doesn't mean that it is not exist) if we have got any feature request for this action - unlock from GUI apart from workarounds only so pgpwde command line to authenticate to the diks or plug USB out and plug USB back in again to see unlocking window pop up.

You could open a case with Symantec so potentially we could raise this Feature Request.

Also if you want to be more familiar with PGPWDE you can type in google PGP Whole Disk Encryption Command line and you will get a full pdf with options. Apart from this pdf of course a standard pgpwde --help will give you all options which most probably you know as for now.

Thank you.

Hi Adam something came up using pgpwde and was not sure if I should start a new post or not but it is related to unlocking so here goes...

I encrypted C: drive and all went well. Bootguard comes up and I enter pass and get in. But I was wondering if in a stand alone installation if you can boot using the recovery token?

I went to Advanced tab in Bootguard screen and it only offered Recovery Question option but could not find anywhere in Bootguard to enter a WDRT to boot to if a person forgets password. Could not find anything in pgpwde either. I did find:

pgpwde --new-wdrt --disk 0 --admin-passphrase passhere

Which lets me make a new one (token) but can I boot using a Token if I forget my pass and if so how to set up Bootguard to let me?

(I know i can set up recovery questions but want to learn how to do unlock it with a token if it is possible)

Thanks...i8ts

Hi i8ts,

You don't need to navigate to any other option in Bootguard to be able to provide a WDRT or generate a new one.

Just simply if you saved your WDRT when encryption process started on your Standalone SED Client, use this WDRT (28 characters long) in the same place on bootguard where you type your passphrase. Bootguard will accept it.
You can use it without dashes "-" or with "-".

Just run a test by typing WDRT instead of your standard passphrase.

HTH

Thanks buddy...did a test...worked fine 

Hi i8ts,

Cool. Thanks for the feedback :-)