PGP WDE - Allow users to decrypt?
Hey Guys -
With respect to managing the PGP universal server, is it recommended practice to enable 'allow users to decrypt' or would that pose a security risk? One the one hand, we have the 'allow users to decrypt' disabled on our primary policy. We have another policy that allows decyption. it's become frustrating to have an encrypted workstation change policies when it's in BSOD or simply malfunctioning.
On the other hand, it seems risky to allow decryption, in case the laptop is ever stolen or lost.