File Share Encryption

 View Only

  • 1.  PGP WDE Desktop Client

    Posted Jul 03, 2014 04:02 PM

    Hi Team,

    I am configuring (testing) PGP US-3.2.1 and WDE Desktop clien 10.2.1.4940.

    My requirement is after installing the WDE Client on end user system with Silet enrollment, here I want to encrypt the end user (WDE Client) internal hard disk automatically and user hould not allowed to stop the encrption process.

    Is there any option at the Universal Server side not to stop the encryption of WDE Client (user system)

    Thank you in advance



  • 2.  RE: PGP WDE Desktop Client

    Broadcom Employee
    Posted Jul 04, 2014 02:46 AM

    Hi, there

    To be able to achive this make sure while setting up the policy on SEMS ( SEMS > Consumers > Consumer Policy > Default > Desktop button > Drive Encryption tab ) that are as follow:

    a) Operation - Allow User Management - Internal Disk - Untick

    b) Operation - Allow Encryption -  tick

    c) Operation - Allow Decryption - Untick

    d) Operation - Removable Disks - All Untick

    Use "Allow encryption of disk to existing Windows Single Sign-On password" with option tick "Automatically encrypt Boot disk at Installation"

    I would also enable "Whole Disk Recovery Tokens" and "Encrypt Drive Encryption disk to a Disk Administrator Passphrase" just to have a controll and recovery

    As you want to Setup a Silent enrollment make sure that you are familiar and follow the following KB:

    HOW TO: Enable Silent Enrollment for Symantec Encryption Desktop
    http://www.symantec.com/docs/TECH149857

    and if you want to go step further for the Invisible Silent Enrollment follow the one below:

    HOWTO: Configure Invisible Silent Enrollment for Symantec Encryption Desktop Clients
    http://www.symantec.com/docs/HOWTO77014

    HTH

     

     

     



  • 3.  RE: PGP WDE Desktop Client

    Posted Jul 04, 2014 05:26 AM

    Hi _Adam_,

    Thank you for the procedure you shard.

    But my requirement is that when the encryption starts in that Window on right top corner we can see the "stop" or "Pause" button, my point is to disable this Stop or Pause buttons for the first time Encryption process.

    This will make all the systems in my network will be encrypted (compulsory).

    Need the help in this regard.

    Thank you



  • 4.  RE: PGP WDE Desktop Client
    Best Answer

    Broadcom Employee
    Posted Jul 04, 2014 10:12 AM

    Hi, Indira

    I would not worry so much about disabling this button as this will not be possible.

    If you don't want your user to be able to "Stop" AND "Pause" your encryption process simply as per my first post disable/untick all features as follow:

     a) Operation - Allow User Management - Internal Disk - Untick

    b) Operation - Allow Encryption -  Untick

    c) Operation - Allow Decryption - Untick

    d) Operation - Removable Disks - All Untick


    When the user click on "Stop" or "Paue" button as per policy he will not be able to unlock the drive to start decrypion/pause process. He will get then an error "Unable to decrypt: Not permitted by your Administrator" and decryption/pause will fail.

    If you wish to leave ONLY a "Pause" option available for user you will have to leave Operation - Allow Encryption -  tick

    Here is the KB please:

    PGP Whole Disk Encryption Pause Behavior
    http://www.symantec.com/docs/TECH193574

    HTH

     

     

     

     



  • 5.  RE: PGP WDE Desktop Client

    Posted Jul 11, 2014 04:42 AM

    Hi _Adam_,

    Thank you for your advice and it worked for me.

    Harsha Reddy



  • 6.  RE: PGP WDE Desktop Client
    Best Answer

    Broadcom Employee
    Posted Jul 11, 2014 05:51 AM

    Hi Harsha,

    Thank you for your feedback. If you don't mind Mark as solution this can help others while checking this forum to get a quick and verified answer.

    Thank you again.