File Share Encryption

  • 1.  Symantec Drive Encryption

    Posted Sep 16, 2016 06:27 AM

    Hi Everyone,

    We have done the POC at the customer's site, and they have the queries below. Can anyone jump in and help me with this?

    1. We are unable to recover the password with the security question hints, even though we have already defined custom questions and are giving the correct answers.
    2. How can we integrate this product with Active Directory?
    3. Most users have admin privileges in our organization. If a user removes the Symantec Encryption Desktop (PGP) application from the system, will all the applied security still remain, or will it be removed?
    4. We are unable to encrypt the Windows drive partition on a MacBook Air.
    5. Is there any way to save recovery keys or tokens in a centralized shared location?

    Appreciate your help.



  • 2.  RE: Symantec Drive Encryption

    Posted Sep 19, 2016 01:35 PM

    I really appreciate your efforts and thank you so much for the comments.



  • 3.  RE: Symantec Drive Encryption
    Best Answer

    Posted Sep 19, 2016 01:44 PM

    Assuming PGP Desktop (not the SEE product)

     

    1. We are unable to recover the password with the security question hints, even though we have already defined custom questions and are giving the correct answers.
      1. I have never tried to recover a password using the security questions. I am not sure if it is possible. I do know that its purpose is to get past the bootguard screen. Once you are into the computer you can decrypt or add/remove users from the disk encryption if you have an ADK or admin passphrase. Those features are policy based and come with the PGP Universal server. If the encryption (PGP Desktop install) is standalone and you added one passphrase user and have forgotten that passphrase, I imagine that you may be stuck copying the data off and wiping the drive. I say this because I believe that once you've encrypted a drive, it will require unlocking by using one of the existing passphrases before you can add/remove users. If you only have one and you forgot it... you can use the WDRT. Someone else may have more experience with this. You always want to have a backup method to access the drive. The final method is the WDRT code, which can be used to decrypt the drive.
    2. How can we integrate this product with Active Directory?
      1. The PGP disk encryption has a Windows single-sign-on (SSO) feature. When you add a new passphrase user to a drive encryption you can use the SSO to type in the user's Windows password at bootguard and get all the way into Windows.
    3. Most users have admin privileges in our organization. If a user removes the Symantec Encryption Desktop (PGP) application from the system, will all the applied security still remain, or will it be removed?
      1. Your users have admin privileges, and they remove your security software? Sounds like a real concern that should be addressed by management. Regardless, the PGP Desktop software won't uninstall if there are still encrypted drives attached. If you remove the software, the protections it provides are no longer in place.
    4. We are unable to encrypt the Windows drive partition on a MacBook Air.
      1. I have no experience with this.
    5. Is there any way to save recovery keys or tokens in a centralized shared location?
      1. If you have a PGP Universal server, the organization ADK (additional decryption key) and the whole disk encryption WDRTs are on the server automatically so that you can recover data.
      2. If you have a standalone PGP Desktop with no server ties you will have to manually back up keys and WDRT codes.