![]() This should show you if the bypass is enabled, and for how many counts. Pgpwde -check-bypass -disk 0 -admin-passphrase "admin passphrase here" If you would like to check if this was successful, run the following command: The above command should add 3 bypass restarts, meaning the preboot screen will be skipped 3 times. Pgpwde -add-bypass -disk 0 -count 3 -admin-passphrase "admin passphrase here" If you would like to run more than one bypass, run the following command: This command adds only one bypass to Bootguard.ĥ. Pgpwde -add-bypass -admin-passphrase "admin passphrase here" -disk 0 At the command prompt, type the following command and press enter: ![]() Now run the following command to take you to the proper working directory for "pgpwde.exe":Ĭd "Program Files (x86)\PGP Corporation\PGP Desktop"Ĥ. Open a command prompt window and type the following command to take you to the "C:\" prompt:ģ. Deploy the PGP Drive Encryption client to the machine and encrypt the disk.Ģ. Next, to run the command to enable a bypass, follow the steps below:ġ. Once the above has been made in policy, update policy on the clients to update this. Note: The disk needs to be encrypted so the WDE Disk Administrator can be put on the access list for the hard drive. Select the Drive Encryption tab and enable the "Encrypt Drive Encryption disks to a Disk Administrator Passphrase" option and click save. Go To Consumers, Consumer Policy, Select Default or any custom policy to be modified.Ĥ. Login to the Symantec Encryption Management ServerĢ. To be able to use this option, you will need to enable a WDE administrator in policy first. The Drive Encryption Disk Administrator can be used to set the Bootguard Bypass on client machine via policy on Symantec Encryption Management Server. Section 3 - Add Bypass using the Drive Encryption Disk Administrator method (PGP Disk Administrator added to the policy): Failing to stop all PGP services can intermittently prevent adding the bypass user. Note: It is required to use the attached script, which will stop all PGP services before enabling the bypass user. The script has also been tested to work with SCCM using a specific set of sequences as described in the attached document.ĭownload the " WDE-WDE-ADMIN-add-bypass-script-README-with-Bypass-Script.zip" file for the script as well as the steps for SCCM. ![]() This has been tested and has been known to work within Altiris when used with the WDE-ADMIN security group. The attached script can be used to be able to add the bypass user remotely with Altiris, or other deployment solutions using the WDE-ADMIN Security Group within Active Directory. Section 2 - Using Deployment tools such as Altiris (Symantec IT Management Suite), and SCCM to add the bypass user using the WDE-ADMIN Security Group Pgpwde -check-bypass -disk -admin-authorization If configured, it will also display the original and remaining bypass restart counts. Indicates whether boot bypass is configured for the specified boot disk. You can also verify the bypass user by typing the following at the command prompt: TIP: Using -aa is the short version of -admin-authorizationĮxample: pgpwde -remove-bypass -disk 0 -admin-authorizationĪ message displays that the bypass has been successfully completed. admin-authorization (Windows only) specifies that the command is being performed by a member of the WDE-ADMIN Active Directory group. This command adds only one bypass to Bootguard. cd "Program Files (x86)\PGP Corporation\PGP Desktop"Īt the command prompt, type pgpwde -add-bypass -admin-authorization -disk 0 and press Enter. Switch to the following directory: C:\Program Files (x86)\PGP Corporation\PGP Desktop:Ģ. ![]() The Windows command prompt screen appears. On the client system, login with the user account added to the WDE-ADMIN group.Ĭlick Start>Run, type cmd in the text field and click OK. Only the most trusted users should ever be added to this group because it allows these users to run administrative WDE commands. (Start>All Programs>Administrative Tools>Active Directory Users and Computers)Ĭreate a new Global Security Group with the name WDE-ADMIN.Īdd the desired domain user account(s) to the WDE-ADMIN group. On a domain controller, open the Active Directory Users and Computers console. Note: Any user can be put into this group to set the bypass as long as the user has the admin rights to access a client's machine. Section 1 - Add Bypass using the WDE-ADMIN Security Group Section 4 - Add more than 51 bypass reboots to Symantec Encryption Desktop Section 3 - Add Bypass using the Drive Encryption Disk Administrator method: Section 2 - Using Deployment tools such as Altiris, and SCCM to add the bypass user using the WDE-ADMIN Security Group Section 1 - Add Bypass using the WDE-ADMIN Security Group The article contains multiple sections to cover adding the bypass functionality to Symantec Encryption Desktop:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |