Windows Symantec Encryption Desktop (PGP) Install Guide
Symantec Encryption Desktop (PGP) Windows system requirements
This section covers Symantec Encryption Desktop (PGP) version 10.3.1 [Build 13100]
- Windows 8 Enterprise and Pro (32 and 64 bit versions)
- Windows 7 (all 32 and 64 bit versions)
- Windows Vista (all 32- and 64-bit editions)
- Windows XP (32-bit Service Pack 2 or 3, 64-bit Service Pack 2) * END OF LIFE APRIL 2014*
- Microsoft Windows XP Tablet PC Edition 2005 (requires attached keyboard)
- Windows Server 2003 (Service Pack 1 and 2)
For additional system requirements and best practices information on using PGP WDE on Windows non-server systems, see Symantec KB Article 149543 http://www.symantec.com/business/support/index?page=content&id=TECH149543
PGP WDE supports all the client operating systems above as well as the following server versions:
- Windows Server 2008 SP 1 and 2 (64-bit edition)
- Windows Server 2008 R2 (64-bit edition)
For additional system requirements and best practices information on using PGP WDE on Windows Server systems, see Symantec KB Article 149613. http://www.symantec.com/business/support/index?page=content&id=TECH149613
Additional Requirements for Microsoft Windows 8 UEFI Systems
For systems running Windows 8 in UEFI mode, the following additional requirements must be met:
- System must be certified for Microsoft Windows 8 64-bit
- UEFI firmware must allow other programs or UEFI applications to execute while booting
- Boot drive must be partitioned in GPT with only one EFI system partition on the same physical disk
- Boot drive must not be configured with RAID or Logical Volume Managers (LVM)
- Tablets and any systems without a wired or OEM-supplied attachable keyboard are not supported
- Desktop or laptop disks, including solid-state drives (either partitions, or the entire disk).
- External disks, excluding music devices and digital cameras.
- USB flash disks.
- GPT partitioned Windows drives on systems that use UEFI and Windows 8 64-bit.
- Dynamic disks
- Diskettes and CD-RW/DVD-RWs.
- Advanced Format disks that do not emulate 512e
- Download Symantec Encryption Desktop (PGP) client installer (http://software.ucsf.edu/applications/pgp.html) and double click installation package
- Follow on-screen prompts to install
- Reboot the machine when prompted
- After rebooting, Symantec Encryption Desktop (PGP) will display the PGP Setup Assistant, follow on-screen prompts to setup your PGP key and passphrase
PGP Setup Assistant – Enrollment
- Enrollment will ask for a user name and password, this is your UCSF email address and email password
Mail@UCSF email address:
- Select User Type “I am a new user” and press Next
- Assistant to help configure your PGP key screen – select "Next"
- Key Source Selection screen – select the "New Key" radio button and then select the Next button
- Key Generation Progress screen - Status will process and go to "done" Select Next to continue
- Completing screen - Select Next
- Congratulations Screen - Click Finish
- Installation is now complete. Open up Symantec Encryption Desktop (PGP) to enable encryption features such as WDE, Volume, and Email encryption
PGP WDE Warnings and Precautions
Before encrypting review Whole Disk Encryption Best Practices
- A Symantec (PGP) encrypted disk must be decrypted before performing the following tasks
- Major operating system upgrades, example: Windows 7 to Windows 8
- Repartitioning encrypted hard drives
- Use caution when using 3rd party disk defragmentation programs. See Symantec's website for more information http://www.symantec.com/docs/TECH148921
- Do not use fixboot or fixmbr on a PGP WDE encrypted disk
Ensure your system meets system requirements, a full backup has been made and has a network connection before encrypting.
- After installing Symantec Encryption Desktop (PGP), open Symantec Encryption Desktop
- Click on PGP Disk then "Encrypt Disk or Partition"
- Click on "New Passphrase User"
Go through PGP disk assistant to setup your WDE Passphrase. Select "Use Windows Password" to have Symantec Encryption Desktop (PGP) copy your existing Windows login password to be used by whole disk encryption. By selecting "Use Windows Password", PGP will automatically log your user account into Windows, called Single Sign On (SSO)
- New User for whole disk encryption - Select "Use Windows Password" and then select Next
- Two-Factor Authentication screen - Simply click Next to continue
- Confirm your current Windows Password - Type in your Username, Password and check the box "Enable Windows SSO". Select Next to continue
- New User Created screen should appear. Simply click Finish to continue
- The newly created passphrase user will now appear in the lower part of the screen. Click the plus sign to expand the boot disk and ensure that the entire section is highlighted. Finally click the "Encrypt" button on the upper right part of the screen to begin encryption
- Optional Step - Once the Encryption has completed, select the user that was added and create LOCAL Recovery Questions - Select "Add Security Questions..."