File Share Encryption

  • 1.  The WDE-ADMIN Active Directory Group

    Posted Jan 21, 2013 06:05 PM

    I need help on managing clients remotely using a Symantec drive encryption admin AD group. I know there are instructions, and they call for creating a new Administrator group called WDE-ADMIN in Active Directory. What I'm confused about is how you configure this group on the Universal server for the encryption policy rules I have set. The only WDE option on the universal server is to set the WDE admin password, which I did, and that password works fine. I want to be able to add all the LAN admin groups as members of the WDE-ADMIN group and have any of those support persons be able to encrypt/decrypt and access the encrypted drive for troubleshooting needs.

    Can someone post a detailed document about what OU this WDE-ADMIN group should be in and how you configure this on the universal server so it can be applied via a PGP policy update?

    Thanks in advance...



  • 2.  RE: The WDE-ADMIN Active Directory Group
    Best Answer

    Posted Jan 22, 2013 05:32 AM

    As long as the OU is in the same domain structure, it doesn't matter where it is.

    That group is mainly used for administrator restart bypass - http://www.symantec.com/docs/HOWTO42006

    And here's the list of what you can do with the WDE-ADMIN OU: http://www.symantec.com/docs/TECH149346

    It's plug and play - there is no configuration to do on the Universal Server. If a user is in that OU, they can restart a machine and bypass the WDE Bootguard.