
PGP Desktop (WDE) Silent Install Options - Initial passphrase user

Created: 14 Aug 2012 | 2 comments

I recently created an .msi for PGP Desktop (using whole disk encryption) that I want to push out via BigFix to about 250 users.  I ran the .msi created by my PGP server locally on a domain laptop PC using the following switches -

msiexec /i  c:\PGPDesktop.msi  PGP_INSTALL_DISABLESSOENROLL=0  /quiet  /norestart

This way, the software installs without any user interaction and waits for a reboot.  Upon reboot and logging into Windows, the user is prompted to create the 5 security questions and answers for the passphrase account and disk encryption begins (I have configured the PGP server to do this on purpose, to cut down on the amount of face time we will need for 250 users).  However, once the disk is encrypted, I have found that instead of adding the user that is currently logged into the machine as the initial passphrase user, it is grabbing the first local user listed alphabetically and using their account.  Now, when the machine reboots, it wants the user name and password for that local account, which, in this case, is not an account anyone uses.

Obviously, I do not want this.  I want the initial passphrase user account created to be the person that is currently logged onto the account, which is their domain account.  Is there a switch during install somewhere or on the server that needs to be changed in order to make this happen?  Everything else is happening exactly like I want it to, other than this.


Alex_CST

Take a look at this article http://www.symantec.com/docs/HOWTO77014

Have a look at the NO_USERNAME switch; this will prompt the user to enter their username and password instead of prepopulating the username. That will work, but it is not invisible.

Other than that, have you used the "Auto Detect Policy" when creating the MSI? The Preset policy is used for non-LDAP environments.

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

jeffreykmc

Thanks for the great info.  I was actually using the preset policy, so your comment makes sense.  The only odd thing is that we ran this install on another user, with Windows 7, and his properly grabbed the current user's login name to encrypt the drive with.  However, my initial test user on Windows XP does not have an email address on the domain, so I wonder if that would make a difference.

You've given me some great stuff to test.  Thanks for the input!