Endpoint Encryption

  • 1.  Netshare - How to add users to an encrypted folder?

    Posted Jan 08, 2013 08:02 AM

    Hi Forum members, I wonder if there’s somebody out there who can help a noob!??

    I’m setting up the following test environment:

    1 PGP Universal Server (already installed)

    2 Win7 Clients running PGP Desktop 10.2.1 (with more to come eventually - max of 10 users/clients)

     

    User 1 has set encryption on a file share.  This has been tested and results were as expected.

    The problem I’m having is that user 2 has completed the enrolment process, but I can’t find how to add user 2 to the (for lack of a better phrase) access list.

     

    In a nutshell I need user 2 (and subsequent users) to have access to the same folder as user 1.

    Could somebody please take a minute to outline how I would go about this??

    I'm sure this is probably a walk in the park for a lot of you out there!!

     

    Thanks for your help,

     

    Dave



  • 2.  RE: Netshare - How to add users to an encrypted folder?

    Posted Jan 08, 2013 09:08 AM

    I'm hoping this video helps. 



  • 3.  RE: Netshare - How to add users to an encrypted folder?

    Posted Jan 08, 2013 09:25 AM
    Hi Tom, thanks very much for the video, that confirms my suspicion that adding users to an encrypted folder -should- be straightforward when you can see the key of your subsequent users!! The problem I have at the moment is that my User 2 has been through the enrolment procedure but I can't find them, even when I search on the keyserver (FQDN used)... Do I need to do something else as user 2 in order to make my key searchable??


  • 4.  RE: Netshare - How to add users to an encrypted folder?

    Posted Jan 08, 2013 10:44 AM

    Look by keyid on the users in your Universal Server, marry them up with the keyid on the user's key inside PGP Desktop.



  • 5.  RE: Netshare - How to add users to an encrypted folder?

    Posted Jan 08, 2013 12:55 PM
    Thanks for commenting Alex - I can't see the keyid anywhere! Although I'll admit I'm an absolute beginner!!! Small update though: When I 'Search for Keys' on each PGP Desktop console, the results show exactly the same names (from the keyserver) plus their own keys (local result), but they cannot see each other!!! I'm convinced there's only a small gap to be closed, if only I could see it... Do I need to somehow validate User 2's key to the PGP Server?? Perhaps there's something missing in the setup of my group and policy??


  • 6.  RE: Netshare - How to add users to an encrypted folder?

    Posted Jan 10, 2013 12:44 PM

    David,

    The keyid for managed keys can be found on the PGP Universal Server (now Symantec Encryption Server) in the Administration Console (UI) by going to Keys --> Managed Keys and viewing the key.

    I'm guessing the problem is that these users (at the time of enrollment) didn't have netshare enabled in their consumer policy. So the key usage flag for netshare might be missing?

    You can verify the key usage flags of the individual users' keys by searching for them under Managed Keys in the UI. You can see an example in the screenshot (attached as key_flag_properties.jpg).

    If it's a problem with the key properties not being updated correctly, you have two options. You can re-enroll the desktop client to a consumer policy that has netshare enabled (deleting the existing key) - if you do this option anything encrypted to the prior key will no longer be decryptable unless you save a PRIVATE copy of the key.

    The cleaner option is to SSH into the PGP Universal server and issue a pgpkeymaint task which should update the properties of the key file for those users. The command is:

    # pgpkeymaint --update-sigs

     



  • 7.  RE: Netshare - How to add users to an encrypted folder?

    Posted Feb 08, 2013 10:41 AM

    Thanks very much for your comments guys,

     

    This issue was cleared with a quick call to Symantec, where one of their staff guided me through adding users to PGP Universal Server manually.

     

    Turns out our infrastructure was pretty much as broken as it could be!!

    Booooooooooo!!!!!!!

     

    Infrastructure's straight now, thanks to a TOP guy from Symantec helpdesk - Daniel Silva.

    Hats off to him, he has brought my infrastructure up to scratch in hours where it would have taken me weeks!!!