Video Screencast Help

PGP WDE for Domain environments using super silent install

Created: 26 Sep 2012 • Updated: 27 Sep 2012 | 2 comments
This issue has been solved. See solution.

Hi there,

I have a PGP server which I am testing with at the moment. I currently have 2 computers encrypted using single sign on which is good but I need a quicker solution when it comes to deploying to the domain.

 

I have been reading up on http://www.symantec.com/business/support/index?page=content&id=TECH165962 which explains how I can do this silently and using group policy but I am confused on point 2 in the article. I tried to get the certificate off the server and then import it onto the client pc but the file is not recognised if the pc does not have pgp on. I know normally with certificates you can double click the cert and install it this way but I am confused how this cert is installed before the pgp desktop program is ran.

 

The other question I have is once the pc has been encrypted silently and enrolled without the user knowing does that mean that the user will have to log onto the pc twice or alternatively use the single sign on feature?

 

Any help you could give me would be appreciated.

 

Many Thanks

Comments 2 CommentsJump to latest comment

Alex_CST's picture

This is a Group Policy question rather than WDE, but i'll help you out.

You should have your SSL Certificate (pfx, p12, p7x, sst etc file extensions) either self-signed by the UN (Universal Server) or purchased one through a CA, or when you get the "View Certificate" when enrolled non-silently, you can do it this way:

  • Go to view certificate
  • Details tab
  • Copy to file
  • Export to Cryptographic Message Syntax Standard (dont tick bo to include all certificates in cert path)
  • Save file

Now you have your certificate in a file, go to your DC:

  • Inside your GPO Editor edit your policy
  • Computer configruation
  • Windows Settings
  • Security Settings
  • Public Key Policies
  • Trusted Root Certification Authorities, right click and import
  • Now import your file by going through the wizard

And presto, you have your SSL certificate installed once the the policy updates

 

 

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

SOLUTION
aholland's picture

Hello, thanks for helping me out and apologies that it's in the wrong place. I have read what you have suggested and I have done the following:

 

Exported the organisation Certificate and added this to trusted keys to create a trusted certificate.

So now I will get this into group policy and start working on a silent install for them.

 

 

Thanks for your help it is very much appreciated.