File Share Encryption

  • 1.  Passphrase sync with local Windows user account

    Posted Sep 24, 2012 03:28 PM

    We are preparing to deploy PGP Desktop in our environment. The first phase will be WDE on Windows laptop computers. Testing has gone fairly well for us until we started testing on laptops that are not on the domain and using local accounts to log into them. The desktop client is version 10.2.0 MP3.

    I can’t seem to get the BootGuard passphrase to sync when I change the Windows password (CTRL+ALT+DEL) for a local Windows user account.

     

    Details:

    Installation package exported from US, with auto policy detection. Installed PGP Desktop by double-clicking the .msi file on the laptop.

    After installing PGP and rebooting I log in with my local Windows user account (Administrator). I get the PGP Enrollment screen, authenticate with my AD credentials and then answer the LSR questions. The disk starts encrypting via the policy set on the Universal Server.

    Wait for disk to encrypt.

    When I reboot the computer I try to log in at the BootGuard screen and fail to authenticate with the local user/password. I found that I have to use my AD passphrase with the local user account, SSO fails and then I can log in with my local user credentials at Windows. I tried to change my Windows local user password via CTRL+ALT+DEL thinking this would re-sync the passwords. The BootGuard passphrase does not update to the new password. I still use my AD passphrase with the local user name. I don't want to deploy and encrypt as the actual user of the laptop if they will be forced to use the current AD password with a local user account for BootGuard.

    I also added a second local user/password to Windows, added to local Administrators group, added as a passphrase user in PGP Desktop GUI.

    Restart computer, log in as ‘second’ local user account, enroll in PGP using my AD credentials. Restart, use local name/pass to log in at BootGuard and SSO works and loads Windows. I change the password in Windows via CTRL+ALT+DEL, restart the computer and have to use the previous passphrase on the BootGuard screen. Passphrase did not update for BootGuard.

     

    I found this article: http://www.symantec.com/business/support/index?page=content&id=TECH149470&actp=search&viewlocale=en_US&searchid=1348505658073

     

    · PGPWDE01 file permission – Unable to check, access to permissions denied
    · PGP Network Provider Order Connection – Tried moving PGPpwflt to top of the order
    · Group Policy for Windows Logon Setting – Enabled Always wait for the network
    · Interactive Logon: Do Not require CTRL+ALT+DEL – Have tried both ways
    · Intel PROSet Wireless – Not installed
    · USB Disk or SD card – none attached/inserted



  • 2.  RE: Passphrase sync with local Windows user account

    Posted Sep 25, 2012 05:30 AM

    If you give yourself the option to put in a username, you might have to change the domain.  By default the domain says "This Computer" rather than any domain - did you check that?



  • 3.  RE: Passphrase sync with local Windows user account

    Posted Sep 25, 2012 11:11 AM

    Thanks for your assistance. I do have the username and domain at BootGuard. I have the domain set to <computername>.

    When I log in with the (first) local account that installed PGP Desktop and auto encrypted the drive I have to use:
    Name: Local user name
    Pass: My domain password (that I did PGP enrollment on the US)
    Domain: <ComputerName>

    I don't even use the local account password to log in at BootGuard; above is the only way I found I could log in with the user account that installed PGP and auto encrypted the disk. Took me a bit to figure out to use the domain passphrase. Seemed odd, but ok I thought...I'll just change the password and then they will sync.

    I guess the part I'm really after is the password sync with local user accounts. It doesn't update the BootGuard passphrase when changing the password via Ctrl+Alt+Del, then "change password".

    I have created a few local accounts on this test machine and none of them sync the BootGuard passphrase when I change the password using Ctrl+Alt+Del.

    After having no luck with a local account, I tried changing my domain password on a computer on the domain and that did work.

     



  • 4.  RE: Passphrase sync with local Windows user account

    Posted Sep 27, 2012 02:16 PM

    Contacted support and upgraded to latest client, 10.2.1 MP3, and the BootGuard passphrase is syncing with a local Windows user password change. They said there were password issues with 10.2.0.