Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Protect PGP Desktop?

Created: 18 Jun 2013 | 7 comments

We have PGP Desktop installed and using WDE  (whole disk encryption)

The problem -  Any windows users is able to open PGP Desktop and delete/add/change PGP users.

Is there anyway to prevent this?.    We are curently using  version 10.2.0.

Thank you

Operating Systems:

Comments 7 CommentsJump to latest comment

Alex_CST's picture

Are you using Universal Server?  You can prevent changes to it via policy there.

 

You also have the option to hide the PGP Desktop tray icon

  1. Open PGP Desktop.
  2. Click Tools > Options.
  3. On the General tab, remove checkmark next to Show PGP icon in the Windows System Tray
  4. Click OK.
Please mark posts as solutions if they solve your problem!

http://www.cstl.com

Malik999's picture

Hi Alex

No we are not using Universal Server.

I have already hid the icon and removed it from the start menu but users are still able to open PGP directly from folder

C:/program files/pgp corporation/pgp desktop

Tom Mc's picture

Seems like you could do this by using Standard, rather than Admin, Windows user accounts for all users who you do not want making system wide changes.

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

Malik999's picture

Windows standard users can access program files folders.

Tom Mc's picture

With your being a WDE user, I was thinking more along the line of a non-admin not being able to decrypt the disk.

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

Malik999's picture

The user has a laptop.

The user has the pgp password to unlock the laptop. They are a standard windows user.

However they are able to open the PGP desktop and decrypt the laptop.  I assume there is no way to prevent this?.  Its a shame you can't password protect the "PGP Desktop GUI".

Alex_CST's picture

You could prevent them from opening the pgp desktop program in group policy, and create a startup script to start pgptray using a service account or admin account?

Please mark posts as solutions if they solve your problem!

http://www.cstl.com