Endpoint Encryption

  • 1.  Query PGP Desktop Drive Encryption Status

    Posted May 22, 2012 03:53 PM

    We're looking for a way to script a query of the encryption status of a drive that (may) have been encrypted using PGP Desktop to see if users are actually going through the encryption process. 

    Doesn't look like this info is stored in the registry or any WMI interfaces. 

    Where we're at right now is running "PGPwde.exe --status --xml >> C:\Logs\pgpDesktop.xml" to output the status. This works great when run as the user that encrypted the drive: when running as another account or the LocalSystem account, we're getting the error "Error code -12450: administrative prefrences file not found".

    Is there a better way to script this, or if not, a way to generate those preferences programmatically? 



  • 2.  RE: Query PGP Desktop Drive Encryption Status

    Posted May 22, 2012 06:33 PM

    I assume this is a standalone installation. If not, the feature you need is included in PGP Universal Server.

     

    "Error code -12450: administrative prefrences file not found" means "This user account is not configured to use PGP".

    So you can either:

    • Run PGP Desktop as this localadmin, configure the product and then run the command.
       
    • Use runas /user:user@domain "c:\program files\pgp corporation\PGPwde.exe --status --xml >> C:\Logs\pgpDesktop.xml"
      You will be prompted for the user's password after running the command above.
       
    • Copy user_with_pgp\application data\pgp corporation folder to localadmin\application data\pgp corporation  (not sure if this will work)


  • 3.  RE: Query PGP Desktop Drive Encryption Status

    Posted May 23, 2012 10:32 AM

    It's an instance that's part of a PGP Universal Server, we're just trying to roll that status into another tool (specifically SCCM compliance reporting). Because it'll be automated, running it as the user with "runas" isn't an option. It'll be running as the System Account; I can copy the contents of the folder from: 
    C:\Users\<User that encrypted drive>\AppData\Roaming\PGP Corporation\PGP Desktop

    to

    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\PGP Corporation\PGP Desktop

    And it'll run just fine as the System Account. 

    Which begs the question: is there a way to programmatically generate that administrative preferences file?



  • 4.  RE: Query PGP Desktop Drive Encryption Status

    Posted May 23, 2012 04:47 PM

    You can use a batch command to copy the directory

    C:\Users\*.domain\AppData\Roaming\PGP Corporation\  

    //access the first profile folder that is in the form "username.domain". (No matter what username)

    copy /Y PGP C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\PGP Corporation\

     

    Copy these 2 commands into Notepad and save as script.bat. Double-click it and it should start.



  • 5.  RE: Query PGP Desktop Drive Encryption Status

    Posted May 23, 2012 05:58 PM

    Is the pref file unique per-machine or can I just grab one off a machine, throw it in a package, and roll it that way since all it's being used for is a quick query of the drive status? 



  • 6.  RE: Query PGP Desktop Drive Encryption Status

    Posted May 24, 2012 01:11 PM

    It's not unique. But in this case, we just need any prefs to let pgpwde run. You can use the same preferences. That will probably work.
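
The approach this thread arrives at (seed the LocalSystem profile with a prefs folder, then run the status query as SYSTEM), written out as an added example that is not code from any poster or from the vendor. The PGPwde.exe path is the one quoted in post 2 and the prefs destination is the one from post 3; `$SeedPrefs` (a prefs folder shipped with the package) is hypothetical, and a non-zero exit code on failure is an assumption.

```powershell
# Added example: drive-encryption status check intended to run as LocalSystem
# (for instance from an SCCM compliance script).
param(
    # Path as quoted in the thread; adjust to the real install location.
    [string]$PgpWde    = 'C:\Program Files\PGP Corporation\PGPwde.exe',
    # Hypothetical: a "PGP Desktop" prefs folder packaged next to this script.
    [string]$SeedPrefs = (Join-Path $PSScriptRoot 'PGP Desktop'),
    # SYSTEM profile location given in the thread (the view a 32-bit process gets).
    [string]$SysPrefs  = 'C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\PGP Corporation\PGP Desktop',
    [string]$OutFile   = 'C:\Logs\pgpDesktop.xml'
)

if (-not (Test-Path -LiteralPath $PgpWde)) {
    Write-Output "Error: $PgpWde not found"
    exit 3
}

# 1. Seed prefs only when the SYSTEM profile has none, so an existing
#    configuration is never overwritten.
if (-not (Test-Path -LiteralPath $SysPrefs)) {
    if (-not (Test-Path -LiteralPath $SeedPrefs)) {
        Write-Output 'Error: no PGP preferences available for LocalSystem'
        exit 2
    }
    $parent = Split-Path -Path $SysPrefs -Parent
    New-Item -ItemType Directory -Path $parent -Force | Out-Null
    Copy-Item -LiteralPath $SeedPrefs -Destination $SysPrefs -Recurse -ErrorAction Stop
}

# 2. Run the status query from the thread; keep its output and exit code.
$status = & $PgpWde --status --xml
$code   = $LASTEXITCODE
New-Item -ItemType Directory -Path (Split-Path -Path $OutFile -Parent) -Force | Out-Null
$status | Out-File -FilePath $OutFile -Encoding utf8

# 3. Report. The thread does not show the XML layout, so nothing is parsed here;
#    this only separates "query ran" from "query failed" (error -12450 is the
#    missing-preferences error quoted in the thread).
#    Assumption: PGPwde returns a non-zero exit code on failure.
if ($code -ne 0 -or (($status -join "`n") -match '-12450')) {
    Write-Output "Error: PGPwde exit code $code; see $OutFile"
    exit 1
}
Write-Output "QueryOK: status written to $OutFile"
exit 0
```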