File Share Encryption

 View Only
  • 1.  PGP Universal Server/ PGP WDE adding new users..Is there a better way?

    Posted May 22, 2012 11:24 AM

    We have PGP Universal server and when we get a new laptop in we load PGP on it and then add the users for the laptop that are going to be using it (we have a bunch of laptops that get passed from nurse to nurse).  The problem we have is when a new nurse gets hired we have to either remote into the laptop or have them (the nurse) drop it by so that we can add the new user to it.  Isn't there some way that PGP can be done from a Universal standpoint (like a management server) so that you can just goto an interface..choose the device and users on that device and add them or is this just a dream?   We have over 100 laptops and having to always touch them to add a new person is a real pain.  I'm looking for some sort of solution..



  • 2.  RE: PGP Universal Server/ PGP WDE adding new users..Is there a better way?

    Posted May 22, 2012 06:13 PM

    Unfortunately, only the local users can create or  modifiy disk encryption access lists. There is no way to do that from Universal server.

    Workaround for this:

    users can be added using command line :

    c:\program files\pgp corporation\pgp desktop\pgpwde  --add-user --disk 0 --user username -p password

    c:\program files <x86>\pgp corporation\pgp desktop for 64bit

    So if you script this command into a batch file, deploy using Group Policy and schedule time to run , it should make the trick

     



  • 3.  RE: PGP Universal Server/ PGP WDE adding new users..Is there a better way?

    Posted May 22, 2012 09:24 PM

    silent enrollment with auto encrypt policy on a PGP universal server will make it a bit easier. When a user logs into windows and enrolls in PGP desktop, their windows account will be added to the encrypted disk automagically.

    doesnt solve your issue if the computer is turned off.



  • 4.  RE: PGP Universal Server/ PGP WDE adding new users..Is there a better way?

    Posted May 23, 2012 06:25 AM

    This might be an option.   You have basic steps for setting this up.  Thanks!



  • 5.  RE: PGP Universal Server/ PGP WDE adding new users..Is there a better way?

    Posted May 23, 2012 09:53 AM

    there's a tech article out there, you will also want to be using server key mode (SKM) and turn off key and local recovery questions. Having those setup will make it so the user doesn't need to answer many questions when enrolling.

    HOWTO: Configure PGP Invisible Silent Enrollment

    http://www.symantec.com/docs/HOWTO77014