Encrypting your Windows computer with PGP Whole Disk Encryption

To encrypt your Windows computer with PGP Whole Disk Encryption (WDE), you'll first install Symantec Endpoint Encryption (PGP), and then use PGP to encrypt the drive.

Note:
You must complete the two steps below; your computer is not fully protected until you finish the encryption process.

Installing PGP

Pre-installation notes

  • Previously installed PGP software: If you are using a version of PGP that was not distributed from IUware, some features you currently use may be disabled after installing the IU licensed PGP software. Consult with your IT Pro before installing. Details about upgrading from older versions are documented in the PGP Desktop user guide and distributed in the IUware disk image.
  • Supported operating systems:
    • Windows 10 (32- and 64-bit editions)
      Note:
      The above operating systems are supported only when using PGP 10.3.2 MP10 and later.
    • Windows 8 Pro and Enterprise (32- and 64-bit editions)
      Note:
      The above operating systems are supported only when using PGP 10.3.1 and later.
    • Windows 7 (32- and 64-bit editions)
      Note:
      The above operating systems are supported only when you have applied all Microsoft hotfixes and security patches.
    • Windows Server 2012 and 2012 R2 (64-bit edition)
    • Windows Server 2008 (32- and 64-bit editions, including Service Pack 1 and 2)
    • Windows Server 2008 R2

    PGP WDE supports internal system RAID-1 and RAID-5.

Installing Symantec Endpoint Encryption (PGP) on Windows

  1. Download Symantec Endpoint Encryption (PGP) from IUware. Be sure to download the correct version for your system.
  2. Double-click the installation executable file.
  3. At the Security Warning, click Run.
  4. Click I accept the license agreement. Click Next, and then click Next again.
  5. At the User Account Control (UAC) prompt, allow the software to install. Wait while the system updates; this may take a few minutes.
  6. Restart your computer.
  7. After login, you will be prompted for PGP Enrollment.
  8. Your username should be automatically filled in. Enter your ADS passphrase, and then enter another passphrase. You should now be enrolled.

To open Endpoint Encryption, click the icon in the notification area.

Using PGP for encryption

Encrypting an entire disk

Note:
It takes approximately four hours to encrypt a 250 GB drive, and another four hours to decrypt it.

To encrypt an entire disk:

  1. Open Endpoint Encryption.
  2. In the left column, select PGP Disk.
  3. Select Encrypt Whole Disk or Partition. Choose the disk and partition you want to encrypt.
  4. Select New Passphrase User.
  5. Follow the steps to add an ADS user. Since Use Windows log on is the only option for boot partitions, your passphrase must match the ADS passphrase.
  6. Select Encrypt.

Once you've encrypted the disk and rebooted, an Endpoint Encryption login will appear just after the BIOS loads (PC), and before the operating system can load. The person(s) listed in the User Access field will then be able to log in. The passphrase will serve as a single sign-on and will also authenticate to ADS.

Encrypting a partition or flash drive

Encrypting a flash drive or partition involves the same steps as encrypting the entire disk, with the exception of the step where the user is added. Specifically, the username and passphrase do not have to match ADS.

After inserting a flash drive into a PC running PGP WDE Desktop, you will be prompted to enter the PGP passphrase to access the disk. Inserting a flash drive into a PC that is not using Endpoint Encryption will produce a message indicating the drive needs to be formatted before use.

Note:
The University Information Policy Office can issue you a recovery token for a forgotten passphrase for a disk or file.

Creating and opening PGP zip files

To create a PGP zip file:

  1. Open Endpoint Encryption.
  2. In the left column, select PGP Zip, and then select New PGP Zip.
  3. Choose from the following options, and follow the resulting instructions.
    • Recipient keys: Allows only IU ADS keys to be added (most secure option, and requires PGP WDE to decrypt).
    • Passphrase: Allows for the creation of a unique passphrase (PGP WDE needed to decrypt).
    • PGP Self-Decrypting Archive: PGP WDE is not needed.
    • Sign only

To open a PGP encrypted file, from the left column, select Open PGP Zip and follow the instructions.

Shredding free space

  1. Open Endpoint Encryption.
  2. In the left column, select PGP Disk.
  3. Select Shred Free Space, and click Next.
  4. From the drop-down menu, select the drive where you wish to shred free space.
  5. Select the number of passes, and click Begin Shred.

PGP Shredder is available to all three security groups. A PGP Shredder will also be placed on your desktop; it works like the Recycle Bin, except that it shreds anything dropped into it.

This is document azmz in the Knowledge Base.
Last modified on 2017-10-09 16:42:28.
