Video Screencast Help

The WDE-ADMIN Active Directory Group

Created: 21 Jan 2013 • Updated: 23 Jan 2013 | 1 comment
This issue has been solved. See solution.

I need help on managing clients remotely using a Symantec drive encryption admin AD group. I know there are instructions and they call to create a new Administrator group called WDE-ADMIN in Active Directory. What I'm confused about is how you configure this group on the Universal server for the encryption policy rules I have set. The only WDE option on the universal server is to set the WDE admin password, which I did and that password work fine. I want to be able to add all the LAN admin groups as a member of the WDE-ADMIN group and have any of those support persons be able to encrypt/decrypt and access the encrypted drive for troubleshooting needs.

Can someone post a detailed document about what OU this WDE-ADMIN group should be in and how you configure this on the universal server so it can be applied via a PGP policy update?

Thanks in advance...

Comments 1 CommentJump to latest comment

Alex_CST's picture

As long as the OU is in the same domain structure, it doesn't matter where it is.

That group is mainly used for administrator restart bypass - http://www.symantec.com/docs/HOWTO42006

And here's the list of what you can do with the WDE-ADMIN OU: http://www.symantec.com/docs/TECH149346

It's a plug and play - there is no configuration to do on the Universal Server.  If a user is in that OU, they can restart a machine and bypass the WDE Bootguard

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

SOLUTION