The WDE-ADMIN Active Directory Group
I need help on managing clients remotely using a Symantec drive encryption admin AD group. I know there are instructions and they call to create a new Administrator group called WDE-ADMIN in Active Directory. What I'm confused about is how you configure this group on the Universal server for the encryption policy rules I have set. The only WDE option on the universal server is to set the WDE admin password, which I did and that password work fine. I want to be able to add all the LAN admin groups as a member of the WDE-ADMIN group and have any of those support persons be able to encrypt/decrypt and access the encrypted drive for troubleshooting needs.
Can someone post a detailed document about what OU this WDE-ADMIN group should be in and how you configure this on the universal server so it can be applied via a PGP policy update?
Thanks in advance...
Comments 1 Comment • Jump to latest comment
As long as the OU is in the same domain structure, it doesn't matter where it is.
That group is mainly used for administrator restart bypass - http://www.symantec.com/docs/HOWTO42006
And here's the list of what you can do with the WDE-ADMIN OU: http://www.symantec.com/docs/TECH149346
It's a plug and play - there is no configuration to do on the Universal Server. If a user is in that OU, they can restart a machine and bypass the WDE Bootguard
http://www.cstl.com
Would you like to reply?
Login or Register to post your comment.