File Share Encryption

 View Only

  • 1.  Unlock Secondary Disk at Boot Time

    Posted Feb 12, 2014 07:37 AM

    I have Encryption Desktop v10.3.0 and have my primary and secondary disk encrypted. I type my password before windows boots, my primary disk is unlocked and I'm logged on to windows automatically. However I then I have to type in my password again to unlock my secondary disk. For some reason, this prompt comes up twice.

    Firstly, why does the prompt for the secondary disk appear twice?

    Secondly, can I get my secondary disk to unlock at boot time in the same was as my primary disk?

    I am the administrator of my machine, but not the system wide administrator for Encryption Desktop.



  • 2.  RE: Unlock Secondary Disk at Boot Time

    Broadcom Employee
    Posted Feb 12, 2014 09:01 AM

    Hi mjaggard,

    Has your machine been previously encrypted?
    Are these two disks similar?

    Check the WDE users of each disk (here assuming that "pgpwde --enum" will output disk numbers as 0 and 1). Open a CMD and type:
    c:\Program Files (x86)\PGP Corporation\PGP Desktop>pgpwde --list-users -d 0
    c:\Program Files (x86)\PGP Corporation\PGP Desktop>pgpwde --list-users -d 1

    Are they the same? What about the user type?

    Rgs,
    dcats



  • 3.  RE: Unlock Secondary Disk at Boot Time

    Posted Feb 12, 2014 09:09 AM

    They are not the same, this is the problem. The first disk has a user of type Symmetric and an attribute of S (SSO), the second disk has two users of type PGP Key.

    How do I add the first user to the second disk and/or re-encrypt the second drive as this user?



  • 4.  RE: Unlock Secondary Disk at Boot Time

    Broadcom Employee
    Posted Feb 12, 2014 10:54 AM

    Hi mjaggard,

    That's what I suspected. You are being prompted for the passphrase of the key.
    Assuming you have the proper permissions:
    - Backup your data!
    - Open the Symantec Desktop Encryption client and go to PGP Disk, select the secondary disk and click "New Passphrase User" in the next screen choose "Use Windows Password" and continue the process.

    If you don't have permissions, you will need to contact the Symantec Encryption Management Server (SEMS) administrator.

    Rgs,
    dcats



  • 5.  RE: Unlock Secondary Disk at Boot Time

    Posted Feb 13, 2014 02:50 AM

    Thanks for your help dcats,

    I've added my SSO user to disk 1 but I still have the another user there and the disk is not unlocked until I type a password, and I'm still prompted for the password twice.

     

    Is the fact that I have another user causing the disk to not be unlocked by the SSO? I can't seem to remove the other user via the GUI.

     

    Many thanks,

    Mat.



  • 6.  RE: Unlock Secondary Disk at Boot Time

    Broadcom Employee
    Posted Feb 13, 2014 09:25 AM

    Hi Mat,

    You will need to decrypt that disk because it has been encrypted to a PGP key which is not the same as the user records used by Bootguard.
    This disk is currently visible to Windows as an external drive, that's the reason it allowed this operation.

    • Backup all your data.
    • Decrypt the secondary disk and update the drivers of the machine. You need to have permissions for this. To be safe, I would completely decrypt the machine (starting by the secondary) and then update the drivers.
    • Both disk should appear as fixed disk.
    • Encrypt the machine.


    See also Best Practices: Symantec Drive Encryption - TECH149543.


    Rgs,
    dcats