Prevent users to pause the encryption process
Created: 29 Jan 2012 | 22 comments
We are using PGP WDE with PGP Universal Server 3.2MP3 and created our policies so that user-initiated processes, such as user-initiated encryption or decryption, are not allowed. BUT, as soon as the automatic encryption starts after the first enrollment, the end-user can pause the encryption process. We are using SCKM, but also tried the SKM, where the keys are stored only in the Universal Server.
What should be our approach to prevent users to pause the automatic encryption process?
Discussion Filed Under:
Comments
this is a known bug (in PGP
this is a known bug (in PGP Desktop GUI) and its still being worked by our Developement team.
Incident Number: 2586361
When you consider the issue resolved, please click Mark As Solution on the post that best provided the solution.
Unable to Decrypt Drive/Partition...
Hi All,
My name is Jitendra from india and we are using PGP Universal server 3.2 in our company in India. We have created a policy and download the client installer and implemented on Laptop. Now the problem is that while encrypting the drive it stopped itself on 96%. now we are not able to access the drive anymore. we have also tried with PGP recovery but still drive is not decrypted and not accessebale. we have already looged a case (Case ID-416-266-699), but we dii not recieved any responce/solution from symantec.
I am requesting to you guys please help us to resolve this issue as we have very very critical data on the drive.
Thanks,
Jitendra Kumar
+919910164884
try c:\program files\pgp
try c:\program files\pgp corporation\pgp desktop
pgpwde --resume --disk 0 -p PASSWORD
When you consider the issue resolved, please click Mark As Solution on the post that best provided the solution.
Hi Julian_M, Actualy we have
Hi Julian_M,
Actualy we have run WDE recovery through the recovery ISO image and the result is that C:\ Partition decrypted successfully but D:\ still not decrypted and also not acceessible anymore. So how can i recover the the Second partition i.e. D:\.
Is this cammand can help after doing all the above activity.
I suggest trying to
I suggest trying to authenticate and decrypt drive using command line
http://www.symantec.com/business/support/index?pag...
When you consider the issue resolved, please click Mark As Solution on the post that best provided the solution.
I have already tried but it
I have already tried but it displaying an error while running any command as below.
"C:\Program Files (x86)\PGP Corporation\PGPDesktop>pgpwde --help
Operation [Unknown] failed:
Error code -12450: administrative preferences file not found
and when i am trying to open the partition it showing me below error.
"D:\ Disk is not accessible
The volume does not contain a recognize file system, please make sure that all require file system driver are loaded and that the Volume is not currpted.
please help me....?????
"D:\ Disk is not accessible
"D:\ Disk is not accessible since drive is encrypted so is not readeable by windows , needs to be decrypted. or authorized by PGP so you can read.
Error code -12450: administrative preferences file not found
%appdata%\PGP Corporation\PGP folder does not exists. Policy and preferences are stored there.
You will have to enroll PGP Desktop client again.
When you consider the issue resolved, please click Mark As Solution on the post that best provided the solution.
I have enroll the system
I have enroll the system again and running the below command but still no success...
C:\Program Files (x86)\PGP Corporation\PGP Desktop>pgpwde --disk 0 --partition 4
--force --decrypt --passphrase ********
Operation start decrypt disk failed:
Error code -11973: resources unavailable
C:\Program Files (x86)\PGP Corporation\PGP Desktop>pgpwde --disk 0 --partition 0
--force --decrypt --passphrase *******
Operation start decrypt disk failed:
Error code -11973: resources unavailable
I run Diskpart on the system and below is the partition status.
Microsoft DiskPart version 6.1.7600
Copyright (C) 1999-2008 Microsoft Corporation.
On computer:
DISKPART> list disk
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB
DISKPART> select disk 0
Disk 0 is now the selected disk.
DISKPART> list partition
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 150 GB 1501 MB
Partition 0 Extended 136 GB 152 GB
Partition 4 Logical 136 GB 152 GB
Partition 3 Primary 9 GB 288 GB
DISKPART>
Please help ...?
In spite of the fact that
In spite of the fact that your question is totally irrelevant to my issue, I would like to help you.
What does pgpwde --enum says?
check what filesystem are
check what filesystem are those partitions.
if encrypted, it should be raw data.
run --enum has Oben suggested
When you consider the issue resolved, please click Mark As Solution on the post that best provided the solution.
Hi All, Please see we have
Hi All,
Please see we have run tyhe Enum command and status command , please check and help me to recover the data.
OK. Now try pgpwde --decrypt
OK. Now try
pgpwde --decrypt --disk 0 --all --passphrase PASSWORD
where PASSWORD is the passphrase of the authenticated user.
Need Help Urgent !!!!!!!
hi All i need help from you guys,
i deleted my one Machine from WDE Computer, from PGP universal Server console, how can i recover it. please help me its very urgent...
In universal: delete disk
That´s it :)
When you consider the issue resolved, please click Mark As Solution on the post that best provided the solution.
can you provide update? did
can you provide update? did this work ,? if so, please mark as solution
When you consider the issue resolved, please click Mark As Solution on the post that best provided the solution.
About the bug
Hi Julian,
Do you know when will the patch for the bug related to pausing the encryption be out? We could not see it in MP4.
Thanks,
Oben
MP5
MP5 is reported to be released later this month. Will this fix be included in this version? We continually struggle with users pausing the encryption process and causing security/compliance issues. I was unaware they should not be allowed by the policy until I read this thread.
Jonathan and Oben, To
Jonathan and Oben,
To confirm, this problem occurs when you have decryption disallowed on internal disks in your consumer policy? (see screenshot attached).
Our case
Hi Ben,
Yes, this is the case in our end. We have also disabled the user-initiated encryption and user management.
Yes, this is already the
Yes, this is already the expected behavior on mac some customers have reported this as a "bug" since they cannot choose to decrypt or pause encryption once decryption is disallowed. But if that is not consistent on windows then we should probably have this feature evauluated and tested again.
Windows case
We have tested the case on Windows machines. Even the user management, user-initiated encryption AND decryption are not checked, non-wde-admin users can pause the encryption. We do not want that! :)
Ben, Our default policy
Would you like to reply?
Login or Register to post your comment.