Installing PGP Whole Disk Encryption

This document contains best practices for installing and using PGP Whole Disk Encryption as well as information on accessing to the PGP Universal Server.

Warning: Machines encrypted with PGP should not perform an operating system upgrade to Windows 10 at this time. Symantec is in the process of testing the operating system, but they are not certified at this point. Please contact your departmental IT support if you need assistance with any of these steps.


Microsoft Windows

PGP Desktop Best Practices

  • Review the PGP Whole Disk Encryption for Windows Quick Start Guide.
  • Review the Symantec Best Practices page.
  • Determine whether your target disk is supported. PGP WDE feature protects desktop or laptop disks (either partitions, or the entire disk), external disks, and USB flash disks.
  • Back up the disk before you encrypt it. Before you encrypt your disk, be sure to back it up so that you won't lose any data if your laptop or computer is lost, stolen, or you are unable to decrypt the disk.
  • Ensure the health of the disk before you encrypt it. If PGP WDE encounters disk errors during encryption, it will pause encryption so you can repair the disk errors. However, it is more efficient to repair errors before you initiate encryption. For more information, see PGP Desktop for Windows Guides.
    • Run Check Disk on all internal hard drives
      1. Open My Computer.
      2. Right click on the hard drive (usually Local Disk (C:)) and select Properties.
      3. Click the Tools tab.
      4. Click on the Check button.
      5. Click Scan drive.
    • Highly fragmented disks should be defragmented before you attempt to encrypt them. Click Optimize under the Tools tab of the drive's Properties window to defragment.

PGP WDE Warnings and Precautions

  • A PGP encrypted disk must be decrypted before performing the following tasks:
    • Major operating system upgrades, ex. XP to Windows 7
    • Repartition encrypted hard drives
  • Use caution when using 3rd party disk defrag program. See PGP’s website for more information.
  • Do not use fixboot or fixmbr on a PGP WDE encrypted disk.

Deploying the PGP WDE Client

  1. Download the PGP WDE client - you will receive an email after your order has been processed with links for download.
  2. After install, you will be prompted to reboot.
  3. ENROLL into the PGP service when prompted; use NetID and NetID password.
  4. Encrypt the machine.
    • PGP Admin group policy will be able to encrypt device using full CPU to reduce initial decryption time.
    • PGP Admin group policy will be able to decrypt and uninstall client PGP WDE Warnings and Precautions.
  5. Add additional local userID/password to PGP client (if required).
  6. Reboot encrypted machine to verify Bootguard.
  7. Verify computer is registered as being encrypted within NU PGP Universal Server admin console.

Mac OS X

PGP Desktop Best Practices

  • Review the PGP’s Whole Disk Encryption for Mac Quick Start Guide.
  • Determine whether your target disk is supported. PGP WDE feature protects desktop or laptop disks, external disks, and USB flash disks.
  • Back up the disk before you encrypt it. Before you encrypt your disk, be sure to back it up so that you won't lose any data if your laptop or computer is lost, stolen, or you are unable to decrypt the disk.
  • Ensure the health of the disk before you encrypt it. For more information, see Ensure Disk Health Before Encryption in PGP’s Whole Disk Encryption for Mac Quick Start Guide.

PGP WDE Warnings and Precautions

  • A PGP encrypted disk must be decrypted before performing the following tasks:
    • Repartition encrypted hard drives
    • Running Boot Camp Assistant
    • Drive Recovery programs – Disk Warrior
  • Do not reboot, or shut down your Mac OS X system while PGP Desktop is encrypting or decrypting your disk.
  • Do not accept any Operating System updates while the disk is encrypting. If the update occurs automatically, do not restart your computer until the encryption process has completed.
  • Hibernation (also called Safe Sleep) is not supported with PGP WDE. When a Mac goes to sleep and runs out of battery power, the Mac will shut down and not go into safe sleep. It’s important to turn off the machine if it will run out of battery power.
  • Running Boot Camp setup assistant on a PGP WDE drive will cause data loss.
  • Safe boot is not supported.

Deploying the PGP WDE Client

  1. Download the PGP WDE client - you will receive an email after your order has been processed with links for download.
  2. After install you will be prompted to reboot.
  3. ENROLL into the PGP service when prompted; use NetID and NetID password.
  4. Encrypt the machine.
    • PGP Admin group policy will be able to encrypt device using full CPU to reduce initial decryption time.
    • PGP Admin group policy will be able to Decrypt and uninstall client PGP WDE Warnings and Precautions.
  5. Add additional local userID/password to PGP client (if required).
  6. Reboot encrypted machine to verify Bootguard.
  7. Verify computer is registered as being encrypted within NU PGP Universal Server admin console.

For additional assistance please contact the IT Support Center at 847-491-4357 (1-HELP), via chat at http://www.it.northwestern.edu/chat or via email at consultant@northwestern.edu.




Keywords:PGP encryption hard drive "PGP encryption" encrypt   Doc ID:62126
Owner:TSS Endpoint Management .Group:Northwestern
Created:2016-03-22 15:28 CDTUpdated:2019-02-04 11:58 CDT
Sites:Northwestern
Feedback:  0   0