File Share Encryption

  • 1.  Multiple Users accessing same WDE workstation

    Posted Apr 30, 2012 05:30 PM

    Hi,

    I am using PGP Universal Server and PGP Desktop 10.2 MP4 on Windows XP SP3 x86 and Windows 7 x64 workstations.

    I have a lot of workstations which are shared by more than one user (not at the same time), and I am wondering if there is any way that these users can log on to a workstation which has a WDE encrypted hard drive.

    I have heard that I could deploy Windows roaming profiles and then a user who has enrolled on another workstation should be able to log on to any workstation. I know this may compromise the security a bit, but does anyone have a KB or step-by-step for this scenario?

    Thanks



  • 2.  RE: Multiple Users accessing same WDE workstation

    Posted May 03, 2012 10:21 AM

    I don't think PGP can be set up in this way for WDE.



  • 3.  RE: Multiple Users accessing same WDE workstation

    Posted May 04, 2012 09:55 AM

    Is this what you are talking about?

    http://www.symantec.com/connect/videos/automating-multiple-user-enrolment



  • 4.  RE: Multiple Users accessing same WDE workstation

    Posted May 08, 2012 12:16 PM

    You can also set a WDE ADMIN passphrase in PGP Universal policy; each computer that belongs to this policy can be authenticated with this passphrase. After clients upgrade policy, the WDE ADMIN user will be added to the access list.

    I think this is much easier.



  • 5.  RE: Multiple Users accessing same WDE workstation

    Posted May 10, 2012 02:53 PM

    Sharing passwords isn't secure :)

    There are ways to accomplish this but they all kinda suck.

    1- you know all of their passwords and you make a script that auto adds people to the disk.

    - 1 person's password changes.. and this is a pain to manage

    2- you use auto-encrypt, silent enrollment policy and supersilent install, this will automagically add users to a 100% encrypted disk whenever they log into Windows.

    - this will not work at pre-boot for the first user's login, they have to log in to Windows first to get added to the disk

    - still a pain if the user's password changes a lot

    3- smartkeys might work (I haven't tried this at all)

    - another thing that your users may misplace :)

    PGP needs to come up with a better way of encrypting and managing machines that are used by a large number of people. It's way too complicated, and I suggest PGP take a look at how other encryption companies are getting past this (hint: Checkpoint FDE)



  • 6.  RE: Multiple Users accessing same WDE workstation

    Posted May 20, 2012 06:16 PM

    Hi,

    Someone was telling me that users can authenticate from PGP if they have roaming profiles and can then hot desk. I can't find any information about this apart from remembering an article on WDE v9 which mentioned roaming profiles.

    However, the URL for WDE 10.1.x at http://www.symantec.com/business/support/index?page=content&id=TECH149189 mentions:

    • Resolved the issues with PGP WDE so users with roaming profiles can authenticate at PGP BootGuard on multiple systems. [27561]

    So this sounds like you can use roaming profiles to authenticate at BootGuard or else this point would not have been included, but does anyone have the articles / user guide that mentions how to do this? I can't find it in the user guide for 10.2 or the PGP Universal Server guide 3.2.

    Thanks



  • 7.  RE: Multiple Users accessing same WDE workstation

    Posted May 22, 2012 10:41 PM

    Hmm, it could be that there was a specific bug where a user with a roaming profile was unable to log in to BootGuard on multiple systems with SSO enabled, even after they were manually or silently added to the WDE device.

    Symantec support should be able to give you specific information on the bug resolution you mentioned above.