PGP Whole Disk Encryption Controller 10.2 Operating instructions

  • Hello! I am an AI chatbot trained to assist you with the PGP Whole Disk Encryption Controller 10.2 Operating instructions. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
PGP Whole Disk Encryption
Controller
User's Guide
10.2
The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.
Version 10.2.1. Last updated: April 2012.
Legal Notice
Copyright (c) 2012 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo, PGP, Pretty Good Privacy, and the PGP logo are trademarks or registered trademarks of Symantec Corporation or its
affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering.
No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if
any.
THE DOCUMENTATION IS PROVIDED"AS IS"AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT
TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR
INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION.
THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights
as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. “Commercial Computer
Software and Commercial Computer Software Documentation”, as applicable, and any successor regulations. Any use, modification, reproduction
release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with
the terms of this Agreement.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
Symantec Home Page (
http://www.symantec.com)
Printed in the United States of America.
10 9 8 7 6 5 4 3 2 1
1
Contents
About PGP Whole Disk Encryption Controller
Components of a Typical PGP Whole Disk Encryption Controller Solution 1
About the PGP WDE Controller 2
Important Terms 3
Audience 3
Technical Support 4
Contacting Technical Support 4
Licensing and registration 5
Customer service 5
Support agreement resources 6
Before You Install the PGP WDE Controller 9
Before You Begin 9
About PGP WDE Administrator Keys 11
About the Shared Network Folder 12
About Whole Disk Recovery Tokens 12
About Single Sign-On 13
About PGP BootGuard Customization 14
Installing the PGP WDE Controller 15
System Requirements 15
Installing the PGP WDE Controller 15
Working with the PGP WDE Controller 17
Importing a PGP WDE Administrator Key 17
Adding PGP WDE Licenses 18
Specifying the Shared Network Folder Location 19
Establishing Client Settings on the PGP WDE Controller 21
Reporting Tab 21
Administrator Options Dialog Box 22
Whole Disk Encryption Tab 22
General Tab 25
Key Management Tab 26
File & Disk Tab 27
Creating and Testing Client Installers 29
Before You Create Client Installers 29
Creating Client Installers 29
Testing Client Installers 30
35
ii Contents
Deploying 33
After Deployment
Post-Deployment Considerations 35
Updating Policy After Deployment 36
Using a PGP WDE Administrator Key 37
Using Whole Disk Recovery Tokens 38
Viewing PGP WDE Event Information 39
Migrating to a PGP Universal Server-Managed Environment 39
Index 41
1
About PGP Whole Disk Encryption
Controller
PGP Whole Disk Encryption Controller is a software tool that provides full-disk
encryption for your organization's Microsoft Windows systems.
PGP Whole Disk Encryption Controller has two parts:
a management application, called PGP Whole Disk Encryption Controller, which
you use to configure policy and create client installers that are pre-configured
with established policy. Once deployed, the management application can also be
used to view status reports on the deployment and create updated policies.
client software, which installs PGP Whole Disk Encryption Controller onto the
Windows systems of your users.
A PGP Whole Disk Encryption Controller can manage up to 100 client installations.
In This Chapter
Components of a Typical PGP Whole Disk Encryption Controller Solution..........1
About the PGP WDE Controller..................................................................................... 2
Important Terms ............................................................................................................. 3
Audience ........................................................................................................................... 3
Technical Support ........................................................................................................... 4
Components of a Typical PGP Whole Disk Encryption
Controller Solution
The following are elements of a typical PGP Whole Disk Encryption Controller solution:
PGP Whole Disk Encryption (WDE) Controller is a platform for creation and
management of PGP WDE Workgroup Edition client software. The PGP WDE
Controller:
installs on any Windows system in the network.
provides policies for the client installers.
creates the client installers.
maintains deployment reporting information.
The client installer software is created by the PGP WDE Controller, then deployed
to and installed onto the Windows systems of your users.
Shared network folder (optional, but recommended). A Samba (SMB/CIFS) server
that holds:
2 About PGP Whole Disk Encryption Controller
About the PGP WDE Controller
policy files, which are automatically downloaded and implemented by
installed clients.
log files, for analysis by administrators.
WDRTs, for use when needed to access an encrypted drive.
system usage information, for analysis by administrators.
Related Topics
About the PGP WDE Controller (on page 2)
Important Terms (on page 3)
Audience (on page 3)
Technical Support (on page 4)
About the PGP WDE Controller
PGP WDE Controller is a standalone application that runs on recent versions of
Microsoft Windows (see the System Requirements for supported versions).
It does not require its own computer, and there are no servers or databases to configure
or manage. You can configure and deploy the client software with a basic knowledge of
Microsoft Windows administration.
Install PGP WDE Controller on any Windows system in the same network as the
systems to which the client software will be downloaded.
Note: Installing PGP WDE Controller and PGP Desktop on the same system makes it
easier to create the PGP keypair you will use as the PGP WDE administrator key.
Once installed, use PGP WDE Controller to establish policy for the client installers.
These policies are embedded into the client installers and are implemented when the
software is installed onto the Windows systems of your users. Refer to the PGP WDE
Controller online Help for information on each configuration option.
Updated policies can be created and saved to the network share location; installed
clients (version 10.1 and greater) will automatically download and implement these new
policies.
Note: If the LAN on which the system hosting PGP WDE Controller runs uses a proxy
server (Tools > Internet Options > Connections > LAN Settings > Use a proxy server
for your LAN is checked), then you must also check Bypass proxy server for local
addresses in order for PGP WDE Controller to run.
Related Topics
Components of a PGP WDE Workgroup Edition Solution (see "Components of a
Typical PGP Whole Disk Encryption Controller Solution" on page 1)
Important Terms (on page 3)
Audience (on page 3)
3 About PGP Whole Disk Encryption Controller
Important Terms
Technical Support (on page 4)
Important Terms
PGP WDE Workgroup Edition: A product from Symantec Corporation that includes the
PGP WDE Controller application, client installers, and a shared network folder.
PGP WDE Controller: An application for creating and managing PGP WDE Workgroup
Edition client software.
client installer: An installer application created by PGP WDE Controller that installs
PGP WDE software on end users' Windows systems.
shared network folder: A shared folder on a network that holds information and files
used to manage installed PGP WDE clients.
PGP Whole Disk Encryption: A software product from Symantec Corporation that
secures files stored on protected drives with transparent full disk encryption. It also
includes other encryption features.
full disk encryption: A security industry term for encryption of all data on a drive
below the application layer.
Whole Disk Recovery Token: A feature of PGP WDE where a recovery token is created
that can later be used to recover access to a drive if the normal authentication method
is no longer available. In a PGP WDE Workgroup Edition environment, WDRTs are
stored on the shared network folder.
PGP WDE administrator's key: A PGP WDE administrator key, used in conjunction
with a smart card or token, logs in to a user's system at the PGP WDE BootGuard screen
using two-factor authentication. This allows the administrator to access the system of a
user if they are not available or willing to provide access.
Related Topics
Components of a Typical PGP WDE Workgroup Edition Solution (see "Components
of a Typical PGP Whole Disk Encryption Controller Solution" on page 1)
About the PGP WDE Controller (on page 2)
Audience (on page 3)
Technical Support (on page 4)
Audience
This Guide assumes you are an IT or messaging support professional who will be
performing one or more of the following tasks:
Setting up and configuring PGP Whole Disk Encryption Controller as the
management server for PGP WDE users.
4 About PGP Whole Disk Encryption Controller
Technical Support
Understanding and configuring PGP WDE client options.
Creating, testing, and deploying the PGP WDE client installers.
Handling post-deployment issues.
Related Topics
Components of a Typical PGP WDE Workgroup Edition Solution (see "Components
of a Typical PGP Whole Disk Encryption Controller Solution" on page 1)
About the PGP WDE Controller (on page 2)
Important Terms (on page 3)
Technical Support (on page 4)
Technical Support
Symantec Technical Support maintains support centers globally. Technical Support’s
primary role is to respond to specific queries about product features and functionality.
The Technical Support group also creates content for our online Knowledge Base. The
Technical Support group works collaboratively with the other functional areas within
Symantec to answer your questions in a timely fashion. For example, the Technical
Support group works with Product Engineering and Symantec Security Response to
provide alerting services and virus definition updates.
Symantec’s support offerings include the following:
A range of support options that give you the flexibility to select the right amount
of service for any size organization
Telephone and/or Web-based support that provides rapid response and
up-to-the-minute information
Upgrade assurance that delivers software upgrades
Global support purchased on a regional business hours or 24 hours a day, 7 days a
week basis
Premium service offerings that include Account Management Services
For information about Symantec’s support offerings, you can visit our Web site at the
following URL:
www.symantec.com/business/support/
All support services will be delivered in accordance with your support agreement and
the then-current enterprise technical support policy.
Contacting Technical Support
Customers with a current support agreement may access Technical Support
information at the following URL:
www.symantec.com/business/support/
5 About PGP Whole Disk Encryption Controller
Technical Support
Before contacting Technical Support, make sure you have satisfied the system
requirements that are listed in your product documentation. Also, you should be at the
computer on which the problem occurred, in case it is necessary to replicate the
problem.
When you contact Technical Support, please have the following information available:
Product release level
Hardware information
Available memory, disk space, and NIC information
Operating system
Version and patch level
Network topology
Router, gateway, and IP address information
Problem description:
Error messages and log files
Troubleshooting that was performed before contacting Symantec
Recent software configuration changes and network changes
Licensing and registration
If your Symantec product requires registration or a license key, access our technical
support Web page at the following URL:
www.symantec.com/business/support/
Customer service
Customer service information is available at the following URL:
www.symantec.com/business/support/
Customer Service is available to assist with non-technical questions, such as the
following types of issues:
Questions regarding product licensing or serialization
Product registration updates, such as address or name changes
General product information (features, language availability, local dealers)
Latest information about product updates and upgrades
Information about upgrade assurance and support contracts
Information about the Symantec Buying Programs
Advice about Symantec's technical support options
Nontechnical presales questions
Issues that are related to CD-ROMs or manuals
6 About PGP Whole Disk Encryption Controller
Technical Support
Support agreement resources
If you want to contact Symantec regarding an existing support agreement, please
contact the support agreement administration team for your region as follows:
Asia-Pacific and Japan [email protected]
Europe, Middle-East, Africa [email protected]
North America, Latin America [email protected]
The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.
Version 10.2.1. Last updated: April 2012.
Legal Notice
Copyright (c) 2012 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo, PGP, Pretty Good Privacy, and the PGP logo are trademarks or registered trademarks of Symantec Corporation or its
affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering.
No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if
any.
THE DOCUMENTATION IS PROVIDED"AS IS"AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT
TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR
INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION.
THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights
as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. “Commercial Computer
Software and Commercial Computer Software Documentation”, as applicable, and any successor regulations. Any use, modification, reproduction
release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with
the terms of this Agreement.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
Symantec Home Page (
http://www.symantec.com)
Printed in the United States of America.
10 9 8 7 6 5 4 3 2 1
2
Before You Install the PGP WDE
Controller
This section describes the things you should do before you install the PGP WDE
Controller and also provides background information about a number of important
features of PGP WDE.
In This Chapter
Before You Begin ............................................................................................................. 9
About PGP WDE Administrator Keys.........................................................................11
About the Shared Network Folder ..............................................................................12
About Whole Disk Recovery Tokens ..........................................................................12
About Single Sign-On ...................................................................................................13
About PGP BootGuard Customization........................................................................14
Before You Begin
Before you install the PGP WDE Controller or deploy the client installers, complete
these tasks:
Create a PGP keypair with PGP Desktop to use as the PGP WDE administrator key.
The PGP WDE administrator key has several purposes. During client installation,
it is used to encrypt the WDRTs during the client installation process. After
deployment, it is used for administrator access to the WDRTs, as well as providing
an additional means of access (in combination with smart cards or tokens) to
locked systems.
Note: If you don't already have an existing installation of PGP Desktop to use to
create the keypair, you need to install it. With the acquisition of PGP Corporation
by Symantec Corporation, PGP operations is in the process of integrating with
Symantec operations. To obtain a copy of PGP Desktop, use the second download
link if the first link does not appear operational.
To obtain PGP Desktop if needed:
• Go to the PGP License and Entitlement Management System (LEMS) and log in
(
https://lems.pgp.com/account/login). Install the software using your PGP Whole
Disk Encryption license. The PGP Desktop installer is posted in the PGP WDE
Workgroup Edition section of the Download Center on LEMS.
• Go to Symantec FileConnect (
https://fileconnect.symantec.com/), select your
language, and enter your serial number.
Export the keypair to a file once you create it. Once exported, make sure the file is
accessible to the system on which you intend to run PGP WDE Controller. This is
necessary the first time you run PGP WDE Controller.
10 Before You Install the PGP WDE Controller
Before You Begin
You must import the file into PGP WDE Controller before you can create .MSI files.
For instructions to create a PGP keypair with PGP Desktop, see "Creating a PGP
Keypair," in the PGP Desktop User's Guide.
Create an accessible shared folder on the network.
This folder stores the log files, WDRTs, and updated policies for all of the PGP
Whole Disk Encryption installations. The shared folder must be accessible by all
installations of the deployment, and should be Common Internet File System
(CIFS) compliant.
Although using a shared folder is highly recommended, it is not required. When
not using a shared folder, for example in a very small workgroup situation where a
share is unavailable, the WDRTs are encrypted to the PGP WDE administrator key
and stored on the local disk. In these situations, you might need to instruct the
user to send the WDRT to the administrator for safekeeping in the event the user
loses the passphrase or needs help accessing the system.
Note: When not using a shared folder both WDRTs and log files are stored on the
local disk of the client system. The WDRTs are stored in the user’s application
data directory at \Documents and Settings\User Name\Application Data\PGP
Corporation\PGP\WDRT\. The log files are stored in \Documents and
Settings\User Name\Application Data\PGP Corporation\PGP\.
When using such a shared folder, make sure the systems on which you are
installing PGP Whole Disk Encryption are on the network at the time of initial
encryption so that the WDRT is successfully delivered to the shared folder. If the
system is not on the network, the WDRT gets encrypted to the PGP WDE
administrator key and is queued to be sent the next time it connects to the
network. In such a situation, if the user forgets their passphrase before the WDRT
gets delivered to the share, the user is prevented from using a WDRT remotely,
leaving a PGP WDE administrator key (used with a smart card or token) as the only
option for remote access.
Make sure your license information is accessible from the system which you
intend to run PGP WDE Controller.
When you purchased the product, you received an email order confirmation with
an attached .PDF file. Make a note of the name, organization, and license number
you received in the email order confirmation. These are shown in the section titled
Important Note in the .PDF. Your license number also appears on the download
page of your PGP product.
Place the PGPWholeDiskEncryptionController.exe file in an accessible
location on the system from which you intend to run PGP WDE Controller.
Create backups of the systems to which you intend to deploy PGP WDE.
Related Topics
About PGP WDE Administrator Keys (on page 11)
About the Shared Network Folder (on page 12)
About Whole Disk Recovery Tokens (on page 12)
About Single Sign-On (on page 13)
About PGP BootGuard Customization (on page 14)
11 Before You Install the PGP WDE Controller
About PGP WDE Administrator Keys
About PGP WDE Administrator Keys
If you need to perform maintenance or other tasks on a user's system, a PGP WDE
administrator key eliminates the need to request the user's passphrase. A PGP WDE
administrator key, used in conjunction with a smart card or token, logs in to a user's
system at the PGP WDE BootGuard screen using two-factor authentication. Once you
have logged in like this at the PGP Bootguard screen, you can then log on to the user's
system using your administrator user name and password.
The benefits of using two-factor authentication to access a user's system are:
Each administrator has a unique token that allows access to systems encrypted
with PGP Whole Disk Encryption.
Because both the smart card or token and a PIN are required to access the system,
security is maintained if the smart card or token is lost or stolen.
Note: If you want to add an administrator key to systems that have already been
encrypted, or if you want to change the administrator key after deployment, you
must create a new .MSI file with the desired key and redeploy the product as needed.
Supported Smart Cards and Tokens
These smart cards and tokens can be used for the PGP WDE administrator key:
ActivIdentity ActivClient CAC cards, 2005 models
Aladdin eToken 64K, 2048 bit RSA-capable
Aladdin eToken PRO USB Key 32K, 2048 bit RSA-capable
Aladdin eToken PRO without 2048-bit capability (older smart cards)
Athena ASEKey Crypto USB Token
Athena ASECard Crypto Smart Card
EMC RSA SecurID SID800 Token
Charismathics CryptoIdentity plug 'n' crypt Smart Card only stick
S-Trust StarCOS smart card
SafeNet iKey 3000
Supported smart card readers
Use any of the supported smart cards with any chip/smart card interface device
(CCID) smart card reader. However, only these smart card readers were tested by
Symantec Corporation:
OMNIKEY CardMan 3121 USB for desktop systems
OMNIKEY CardMan 6121 USB for mobile systems
ActivIdentity USB 2.0 reader
Reiner SCT CyberJack pinpad
Athena ASEDrive IIIe USB reader
12 Before You Install the PGP WDE Controller
About the Shared Network Folder
Note: Check the technical specifications for PGP Whole Disk Encryption for updates
to the list of supported smart cards, tokens, and smart card readers.
Related Topics
Before You Begin (on page 9)
About the Network Share (see "About the Shared Network Folder" on page 12)
About Whole Disk Recovery Tokens (on page 12)
About Single Sign-On (on page 13)
About PGP BootGuard Customization (on page 14)
About the Shared Network Folder
To store logging information, WDRTs, and updated policies for the PGP Whole Disk
Encryption deployment, you must create a share on your network to store this data.
The share must be accessible by all installations of the deployment. The share, and
server hosting it, should be Common Internet File System (CIFS) compliant.
After deploying the PGP Whole Disk Encryption .MSI file with the embedded location of
the shared folder, a folder is created for each computer named with the following
format: machine name-machine guid. This folder contains all logging information,
WDRTs, and updated policies for all devices associated with the computer.
If you want to change this shared folder location or credentials to access it after
deployment, you have two options: if you have configured automatic policy updates,
you simply create a new policy with the updated information and it will automatically
be downloaded and implemented by the installed clients. If you did not configure
automatic policy updates, you must create a new .MSI file with the new location
embedded, and use it to redeploy the product.
Related Topics
Before You Begin (on page 9)
About PGP WDE Administrator Keys (on page 11)
About Whole Disk Recovery Tokens (on page 12)
About Single Sign-On (on page 13)
About PGP BootGuard Customization (on page 14)
About Whole Disk Recovery Tokens
Whole disk recovery tokens (WDRTs) are a means by which an encrypted device is
accessed once a user has been locked out or has forgotten their password. This is
especially valuable when the device is not in the same location as the administrator.
13 Before You Install the PGP WDE Controller
About Single Sign-On
In a PGP Whole Disk Encryption Controller environment, these are stored in a shared
folder on the network that also holds the log files for the computer.
WDRTs are associated with encrypted drives, not single computers or single users. A
single computer can be associated with multiple encrypted drives. If multiple users
have accounts on the same drive, they share the same whole disk recovery token.
Whatever you do with the token affects all users sharing that drive. Each encrypted
drive has only one whole disk recovery token.
Related Topics
Before You Begin (on page 9)
About PGP WDE Administrator Keys (on page 11)
About the Shared Network Folder (on page 12)
About Single Sign-On (on page 13)
About PGP BootGuard Customization (on page 14)
About Single Sign-On
Microsoft Windows has a few methods available by which other companies can
customize the Windows login experience. One method is the Graphical Identification
and Authentication (GINA) dynamic-link library (DLL), the pluggable part of WinLogon,
which third parties can replace to customize login functionality or the login user
interface. GINA can be used to create, for example, biometric login methods, or smart
card logins.
The PGP Whole Disk Encryption Single Sign-On (SSO) feature does not use GINA, as
there are certain compatibility issues with GINA. For example, it is possible to have
multiple, conflicting GINAs on the same system. Instead, SSO uses another method, the
Windows Automatic Login feature. PGP Desktop uses your configured authentication
information to create, dynamically, specific registry entries when you attempt to log in.
Your Windows password is never stored in the registry, nor in any form on the
disk—neither encrypted, nor as clear text.
Implementation details differ between the various versions of Microsoft Windows, but
user interaction with the feature is the same, regardless of Windows platform.
The SSO feature is not compatible with other GINAs. You might encounter some issues
if you attempt to use SSO in conjunction with another GINA.
PGP Whole Disk Encryption includes the Single Sign-On (SSO) feature. It synchronizes
the PGP Whole Disk Encryption authentication with the one required by Microsoft
Windows when a user boots a computer. Once a disk or boot partition is encrypted, the
next time the user starts the system, the PGP BootGuard screen appears immediately
upon startup. Logging in at this point also logs the user into the Windows session. The
users does not have to log in twice.
Related Topics
Before You Begin (on page 9)
About PGP WDE Administrator Keys (on page 11)
14 Before You Install the PGP WDE Controller
About PGP BootGuard Customization
About the Shared Network Folder (on page 12)
About Whole Disk Recovery Tokens (on page 12)
About PGP BootGuard Customization (on page 14)
About PGP BootGuard Customization
Once installed, you can customize the PGP BootGuard screen of PGP Whole Disk
Encryption with:
Text. You can replace the default text, "Forgot your passphrase? Please contact
your IT department or Security Administrator."
Custom background images of the splash and login screens.
Audio cues that can help vision-impaired users more easily navigate PGP
BootGuard authentication.
In a PGP Whole Disk Encryption Controller environment, PGP BootGuard can be
customized only with PGP Whole Disk Encryption Command Line. For complete
information, see PGP Whole Disk Encryption Command Line User's Guide.
Related Topics
Before You Begin (on page 9)
About PGP WDE Administrator Keys (on page 11)
About the Shared Network Folder (on page 12)
About Whole Disk Recovery Tokens (on page 12)
About Single Sign-On (on page 13)
/