Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Query PGP Desktop Drive Encryption Status

Created: 22 May 2012 | 5 comments

We're looking for a way to script a query of the encryption status of a drive that (may) have been encrypted using PGP Desktop to see if users are actually going through the encryption process. 

Doesn't look like this info is stored in the registry or any WMI interfaces. 

Where we're at right now is running "PGPwde.exe --status --xml >> C:\Logs\pgpDesktop.xml" to output the status. This works great when run as the user that encrypted the drive: when running as another account or the LocalSystem account, we're getting the error "Error code -12450: administrative prefrences file not found".

Is there a better way to script this, or if not, a way to generate those prefences programatically? 

Comments 5 CommentsJump to latest comment

Julian_M's picture

I asume this is a standalone installation. If not, this feature you need is included in PGP Universal Server.

"Error code -12450: administrative prefrences file not found". means "This user account is not configured to use PGP".

So you can either:

  • Run PGP Desktop as this localadmin, configure the product and then run the command.
     
  • use runas /user user@domain "c:\program files\pgp corporation\PGPwde.exe --status --xml >> C:\Logs\pgpDesktop.xml"
    You will be prompted for user´s password after running command above
     
  • Copy user_with_pgp\application data\pgp corporation folder to localadmin\application data\pgp corporation  (not sure if this will work)

When you consider the issue resolved, please click Mark As Solution on the post that best provided the solution.
 

cwastell's picture

It's an instance that's part of a PGP Universal Server, we're just trying roll that status into another tool (specifically SCCM compliance reporting). Because it'll be automated, running it as the user with "runas" isn't an option. It'll be running as the System Account; I can copy the contents of the folder from: 
C:\Users\<User that encrytpted drive>\AppData\Roaming\PGP Corporation\PGP Desktop

to

C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\PGP Corporation\PGP Desktop

And it'll run just fine as the System Account. 

Which begs the question: is there a way to programatically generate that administrative preferences file?

Julian_M's picture

you can use command batch to copy directory

C:\Users\*.domain\AppData\Roaming\PGP Corporation\  

//access the first profile folder that in the form "username.domain". (No matter what username)

copy /Y PGP C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\PGP Corporation\

copy these 2 commands to a notepad, save as script.bat. Double click and it should start

When you consider the issue resolved, please click Mark As Solution on the post that best provided the solution.
 

cwastell's picture

Is the perf file unique per-machine or can I just grab one off a machine, throw it in a package, and roll it that way since all it's being used for is a quick query of the drive status? 

Julian_M's picture

Its not unique. But in this case, we just need any prefs to let pgpwde run. You can use same preferences .That will probably work.

When you consider the issue resolved, please click Mark As Solution on the post that best provided the solution.