James01
You could tell the version of the software if you are able to launch PGP desktop. Click Help and then about.
If the release notes are of the same setup file that was used to install PGP desktop and no upgrade was done then the version will be 10.1
10.1 is a very old version. the latest version is 10.3.2 MP 9
Yes, you can slave the disk to another computer as USB. However tyhe other computer must have PGP 10.1 or higher installed.
Once this is done you can use the PGP command list to find out how many users were enrolled on this disk.
If PGP desktop is unmanaged on the affected hard drive (i.e. not reporting to a PGP server which is usually when you have more than 100 users using PGP desktop in your environment), then there are only 2 options to decrypt the disk.
1. Find out how many users where enrolled on the disk by using the --list-user command.
If any other user besides the forgotten user is listed, try using their password to decrypt the disk next with --decrypt.
Command list:
https://support.symantec.com/en_US/article.DOC3604.html
You can also create a recovery disk to decrypt the disk. However, again,
if standalone/unmanaged then you will need the users password to start decryption
Recovery disk images:
http://www.symantec.com/docs/TECH152604
.. use 10.1.1 if you are going to attempt with recovery CD.
I would suggest slaving the disk as USB over using the recovery disk as decryption with the recovery disc could take days whereas with USB would be done in less than a day (depending on the disk size and other factors)
As of now from what i uderstand is this looks like a standalone install with 10.1 and the user who is enrolled on this PC is not reachable so we cannot get the passphrase. Our best shot would be to check if there are any other users enrolled and then see if we could get thier password to decrypt the disk.
If the laptop happens to be managed by a PGP server then there is lot more of a chance to recovery the disk. In a managed environment, the PC checks in with the PGP server and gives is encrypted to multiple recovery options like WDE Admin, Local Self Recovery, WDRT token.
Starting with 10.3.2 standalone version of PGP, users now are prompted with a WDRT token to note and keep in case the password was lost.
*Note:
Do not use the FixMBR command until you are certain you have checked all possible steps. Fixing the MBR would attempt fixing PGP's MBR if curropted and would not help.
Question:
Are we certain this laptop/PC is not managed by a PGP server ? If there is a PGP Universal server, your IT Administrator will be aware of it.
There is a PGP stamp entry in registry which is responsible for client server communication. To check this go to Start>Run>Regedit. PGPSTAMP can be found in the following container:
32 bit machines: HKEY_LOCAL_MACHINE\Software\PGP Corporation\PGP
64 bit machines: HKEY_LOCAL_MACHINE\Software\Wow6432Node\PGP
- PGPSTAMP should look similar to this with ovid= pointing to your PGP server:
ovid=keys.yourdomain.com&mail=*&admin=1
if it equals Default then its a standalone client.
Other helpful Article:
http://www.symantec.com/docs/TECH149679