File Share Encryption

  • 1.  PGP and imaging

    Posted Apr 04, 2011 12:31 PM

    I work in an environment where we need to roll out laptops fairly quickly.  Normally we would simply image a laptop, configure the few things we have to and then provide the laptop to the user.  In the case of a PGP encrypted laptop I would like to know:

    a) Can we image a laptop with PGP installed and the hard drive encrypted, and then drop that image on any laptop we want in the future to give it to a user? If so, how, in regards to the authorized user?

    b) Is there any way, once a computer is encrypted and registered on the PGP server, to change the PC name that the disk ID is referenced to?



  • 2.  RE: PGP and imaging

    Posted Apr 04, 2011 06:05 PM

    A)

    From experience, what you're looking to do isn't possible. I've tweaked my imaging process to the best of my ability, and I have emergency deployment times down to 6 hrs (which is the time needed to encrypt a laptop). Imaging solutions generally overwrite any data currently on the HDD before encryption, so I don't necessarily see a way around this.

    Maybe if you were using a scripting approach for imaging then I'd assume it would be possible in a way. You could in theory encrypt all of the laptops beforehand, and use the unattended.xml file to script the rest of what's needed before deployment. On the downside, cleaning up the records on the server would become a little tedious.

    Would love to hear feedback from others on this though as I could be missing something.



  • 3.  RE: PGP and imaging

    Posted Apr 04, 2011 07:06 PM

    PGP has had a couple of KBs regarding this topic on their old support site. The crux of the issue is that the identifier on the local machine which is transmitted to the server during enrollment is expected to be unique. This identifier is generated from hardware information on the machine and placed in the registry at HKEY_LOCAL_MACHINE->SOFTWARE->PGP Corporation->PGP->MACHINE_GUID on Windows machines. On Macs it is kept in the /users/shared/pgp/machine.uuid file. They used to have a tool that would go in and change this setting in the registry to a random string on Windows machines. This tricks the server into thinking it is unique, but it must be done before enrolling with the server; otherwise you end up with a large number of identical machines on the server.
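
An added example, not part of the thread and not a PGP tool: a pre-enrollment audit that finds imaged machines sharing the identifier described in the last reply. It assumes you have already collected each machine's `MACHINE_GUID` value (or `machine.uuid` contents) into a CSV; the CSV layout, the GUID-style sample values and the `audit`/`normalize` names are hypothetical.

```python
import csv
import io
from collections import defaultdict

# Constructed sample inventory: one row per imaged laptop, with the value read
# from MACHINE_GUID (Windows) or machine.uuid (Mac). Values are made up.
SAMPLE_INVENTORY = """hostname,machine_id
LAPTOP-001,3f2a9c1e-aaaa-4b6d-9e01-000000000001
LAPTOP-002,{3F2A9C1E-AAAA-4B6D-9E01-000000000001}
LAPTOP-003,7b44d0f2-bbbb-4c11-8a02-000000000002
LAPTOP-004,
MAC-001,3f2a9c1e-aaaa-4b6d-9e01-000000000001
"""


def normalize(machine_id):
    """Assumption: identifiers are compared ignoring case, braces and spaces."""
    return machine_id.strip().strip("{}").lower()


def audit(inventory_csv, golden_id=None):
    """Group hosts by identifier and report the ones unsafe to enroll."""
    by_id = defaultdict(list)
    missing = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        ident = normalize(row.get("machine_id") or "")
        if ident:
            by_id[ident].append(row["hostname"])
        else:
            # No identifier collected: cannot prove uniqueness, so flag it.
            missing.append(row["hostname"])
    # Any identifier seen on more than one host is a cloned image.
    duplicates = {i: sorted(h) for i, h in by_id.items() if len(h) > 1}
    # Hosts still carrying the identifier captured from the master image.
    golden = sorted(by_id.get(normalize(golden_id), [])) if golden_id else []
    return {"duplicates": duplicates, "missing": missing, "golden_clones": golden}


if __name__ == "__main__":
    report = audit(SAMPLE_INVENTORY,
                   golden_id="3F2A9C1E-AAAA-4B6D-9E01-000000000001")
    for ident, hosts in report["duplicates"].items():
        print(f"DUPLICATE {ident}: {', '.join(hosts)}")
    for host in report["missing"]:
        print(f"MISSING identifier: {host}")
```

Run it before any of the listed machines enroll, since the reply notes the identifier has to be unique before enrollment.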