Video Screencast Help

Symantec Desktop Encryption - Install only Disk Encryption?

Created: 15 Jul 2013 • Updated: 15 Jul 2013 | 5 comments

I'd like to install only the local disk encryption and omit the PGP email Encryption. The file that I'm using is called PGPDesktop_en-US.msi. I've looked into the various MSI switches for the for msi package and have disabled everything that I can dealing with PGP Email encryption. But, after installation, the Symantec Encryption Desktop till asks for for an email address and sends out a verifcation email for me to check. This all has to do with email encryption which I do not want at this time. Is there a way to disable this and only install the WDE part? 

 

Thanks

Matt Moore

Operating Systems:

Comments 5 CommentsJump to latest comment

Tom Mc's picture

It sounds like you have already been to this Knowledge Base Article, but just in case:

http://www.symantec.com/docs/TECH149282

The asking for an email address/for you to generate a key, does not mean that the email component is installed.  Even if you purchase the WDE only license, you still have the option of encrypting files.  If you want others to be able to encrypt files to you, others need to have your public key for such encryption.  If you generate a key for this purpose and want it on the Global Directory for others to use, the key must have an email address - the confirmation request sent by the Global Directory when you place it there, is only a confirmation of the email address - an indication that the person at that email address is the true owner of the key.  It sounds like you should select the option of not sending your key to the Global Directory.

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

cmatthew.m's picture

Your quick response is much appreiciated. Thank you. 

"It sounds like you should select the option of not sending your key to the Global Directory." 

I have not seen this option. Is this after something that is selectable after software is fully installed? The problem that I have with the email verifcation is that directly after the installation and restart of the computer a window pops up that requires an email address. This means I have to have  MS Outlook or other email client installed on the laptop and email set up for that particular user. I guess, there's not really way to avoid configuring a PGP key for the user even if we won't be using PGP email encyption in our organization? Maybe, I'm not undestanding how WDE works. I was thinking it was completely local as well as totally separate from the Email Encryption.     Thanks again for you time. 

Tom Mc's picture

When a key is generated locally, upon its completion, one is asked whether to send it to the Global Directory.

Are you in a PGP Universal managed setting?  If so, this may be why you are experiencing the email address request upon the reboot.  I'm confused as to why you need an email client installed in order to enter an email address in a dialog box.

Does it help to disable the option of Secure Email on the Messaging tab of PGP Options?

When you consider your issue resolved, please click Mark As Solution on the most helpful response.

Search the Knowledge Base &

cmatthew.m's picture

Maybe some screenshots can help clarify the matter a bit more. 

Firstly, Heres the msi switches that I am currently using. 

msiexec /I pgpdesktop_en-US.msi PGP_INSTALL_MAPI=0 PGP_INSTALL_NOTES=0 PGP_INSTALL_LSP=0 PGP_INSTALL_GROUPWISE=0 PGP_INSTALL_NETSHARE=0 PGP_INSTALL_MAPI_PLUGIN=0

After I run that command, The software is installed and asks for a reboot: Upon Login, I'm presented with this screen: It asks me to enter my email address. I do this and hit next.  

Screen1.PNG

After I enter the email address, and hit next, I'm presented with this screen:

Screen2_0.PNG

This is where you need an actual email client installed as it needs it to verify who you are. Symantec sends an automated email that has a special PGP message inserted at the end of the email that it reads to continue the process.  I've tried just opening up web mail to do it, but it won't work. You must install an email client, when the message comes in, Symantec Encyption Desktop automatically notices the email, runs a process in the background and then deletes the automated email.  After that, I am able to click 'next' on the screen above to finish the process.  It will not allow to click next until this is verified. 

I was hoping that I could skip Enrollment and Key Generation all together (steps 1-4 as listed in the above image), as I don't think that Email Encyption and WDE rely on one another, but I maybe I am entirely wrong. Or, I was thinking that maybe there's an installation file that only has the WDE section.

The reason that I am wanting this is because our help desk configures new laptops for our users. We are not using the PGP key email encryption. They also do not need a local email client installed and configured on their laptops as most of them use webmail. We also do not have access to their email addresses in order to setup and verify their accounts. They do however, need WDE. So, for those reasons and in the interest of lessing the time it takes to configure these laptops, it would be nice to not have install this section of the software. -- 

 

Thanks again for you time. I hope this answers you questions.   

 

Sean_Moore's picture

Matt,

Are you using AD and a Universal Server for management? You can use the Directory Synchronization for enrollment instead. This way the user enters their credentials instead of an email address. This needs to be configured at the Universal Server.

You can also enable silent enrollment using this method too.

Sean.

MCTS,MCSA,ACSA,SCS,STS
SME - SEP/SCSP/MS-BITLOCKER