I currently have the PGP/Symantec Desktop encryption client installed on a test server. The reason for this is to give PGP-enrolled service accounts the ability to read encrypted data for PeopleSoft processing functionality. I'm having two problems. When I, myself, physically log on to the server with the PGP client installed, the server wants to start full disk encryption per the whole disk encryption policy I'm in. This is going to be a problem because most server administrators are going to be in this WDE policy. Is there a way, possibly in the registry, to turn off this full disk encryption trigger on the server so that anyone who is in the WDE encryption policy will not trigger automatic full disk encryption when logging on?
The other problem I'm having is with the command line function. I want to automatically unlock and read the encrypted content in the PGP-secured folder without physically being logged into the server. The service account is already in the policy to be able to access the encrypted data folder. When I log in with the account locally, I'm able to access and read the encrypted content. When I try to run a batch file that is running as this service account on that server, it apparently does not unlock, since the data it reads is all gibberish, meaning it was read while still encrypted. The command I'm including in my script is "pgpnetshare --unlock". The weird thing is, when I'm logged into the server as myself and I run the command, the PGP client unlocks and the service account is able to read the data correctly. I have no idea what is going on or what command line I can use for this task. All I want to do is read the encrypted data without physically logging into a server, while running a command using a PGP-enrolled service account. Is this possible? Do I need to include the passphrase? If so, how do you script a passphrase without having it seen as clear text?
Thanks