Hi Folks,
After seeing another post about using SKM and a Symantec employee asking for more info to help out, I thought I'd share my upgrade queries...
I rolled out PGP US 2.10 and Desktop 9.10 a few years ago, without the proper testing and time being put into properly knowing what I was doing. This being the case... the only feature we use PGP US/Desktop for is WDE, no email/netshare etc.
When we originally rolled it out we soon discovered it seemed to be geared towards a single device per user set-up, which is not what we have. We have quite a few "hot desk" departments where people log into whatever device they can (you can imagine the headache when they were all set up as single sign-on users and change password every month, having issues with what password is synched to the "grey screen"). To get round this we set up shared passphrases so a whole department has the same passphrase, not ideal but the only option we could find. We then found out about key reconstruction and set that up so when other users who were normally on one device had a device rebuilt or moved device we could get them to answer the questions rather than having to delete and start again.
So we have finally got some time and have decided to upgrade to US 3.2 and Desktop 10.2 and hopefully get SKM working with Local self recovery passwords to hopefully avoid the daily use of WDRTs left, right and centre. All the waffle above sets the scene hopefully for the question..... All our users are currently set up as GKM; if I amend the policy for users to use SKM instead, would they automatically switch (without having to re-enroll etc)? After a couple of years I predict 0% of them would know/remember their private key password and I'm a bit dubious of what effects it could have.
Also, anyone else got a workaround for the shared passphrase option we use?
Thanks for anyone's time!
Phil