K-State PGP Whole Disk Encryption: An install Guide for Windows
This guide will walk you through the steps needed to install and use PGP Whole Disk Encryption software (now Symantec Drive Encryption). The first section will give you what you need to know about PGP before you install it and a list of system requirements. The second section will walk you through the installation and encryption processes. The final section will outline some of the tools that will come with PGP Whole Disk Encryption.
Table of Contents
- What to Know Before You Begin
- System Requirements
- Incompatible Software
- What is Installed?
- PGP Whole Disk Encryption (WDE)
- PGP Virtual Disk
- PGP Zip
- PGP Shredder
- Before You Encrypt
- Ensure That Your Disk Is Supported
- Back Up the Disk
- Ensure the Health of the Disk
- Installation Process
- Enrolling on the PGP Universal Server
What to Know Before You Begin
Installing PGP Whole Disk Encryption software is a relatively easy process but requires a fair amount of time. You can start the process by executing the install package provided for your particular operating system(OS). Before you start the process, be sure the computer you are attempting to install the software on meets the requirements below.
System Requirements
PGP Desktop Operating Systems:
Windows Vista (all 32-bit and 64-bit versions, including SP 1)
Windows XP (SP 1, 2 or 3; 32-bit and 64-bit versions)
Windows 2000 (SP 4)
Windows 2003 Server (SP 1)
Windows XP Tablet PC Edition 2005 (requires attached keyboard)
PGP WDE Operating Systems:
Client versions of Windows 2000 (SP 4), Windows XP (SP 1 or 2), and Windows Vista
Memory (RAM):
512 MB RAM 64 MB hard drive space
Incompatible Software
There are certain other software products that are incompatible PGP and can cause serious problems, including data loss. Please make sure that you do not have the following products installed before installing PGP. For an updated list please visit Symantec's website.
Software that is not compatible:
- CompuTrace in MBR mode: PGP Whole Disk Encryption is compatible only with the BIOS configuration of Absolute Software's CompuTrace laptop security and tracking product. Using CompuTrace in MBR mode is not compatible.
- Utimaco Safeguard Easy 3.x: Do not install it on a system with PGP Desktop and do not install PGP Desktop on a system with Utimaco Safeguard Easy 3.x.
- Hard disk encryption products from GuardianEdge Technologies: Encryption Anywhere Hard Disk and Encryption Plus Hard Disk products, formerly known as PC Guardian products, are not compatible with PGP Whole Disk Encryption.
The following programs will co-exist with PGP Desktop on the same system, but will block the PGP Whole Disk Encryption feature:
- Safeboot Solo
- SecureStar SCPP
- Pointsec
Installation and Encryption
Before You Encrypt
PGP recommends the following in order to prepare your computer for whole disk encryption with their software. To help ensure the security and integrity of your data during and after encryption, it is highly recommended you take the following steps.
Ensure That Your Disk Is Supported
PGP WDE feature protects desktop or laptop disks (either partitions, or the entire disk), external disks, and USB flash disks. Writable CDs and DVDs are NOT supported.
Backup the Disk
Before you encrypt your disk, be sure to backup the disk and securely store it so that you won't lose any data if your laptop or computer is lost, stolen, or you are unable to decrypt the disk.
Ensure the Health of the Disk
If PGP WDE encounters disk errors during encryption, it will pause the encryption process so you can repair the disk errors. However, it is more efficient to repair errors before you initiate encryption.
To prevent data loss, the encryption process automatically stops if it encounters any errors, such as Cyclic Redundancy Check(CRC) errors or bad sectors. This allows you to correct the errors before the encryption process resumes, which will avoid potential disk corruption or loss of data. The easiest way to avoid these issues is to make sure your disk is healthy before you begin the encryption process.
To help ensure the health of you disk before and after encryption, it is best to use a third-party scan disk utility to perform a low-level integrity check and repair any inconsistencies with the drive as they could lead to CRC errors. Microsoft's check disk (chkdsk.exe) utility is not sufficient for detecting these issues. Performing these checks before you begin encryption will help prevent and disruptions in the process.
*As a best practice, highly fragmented disks should be defragmented before you attempt to encrypt them.
Installing PGP Desktop
The following sections show the installation process step by step. The instructions are arranged in a side-by-side presentation,
with an image of what you should see next to written notes and the actions to perform during each step. Clicking on most images
will present a larger version.
|
Double-click on the PGP Desktop icon to start the installer. |
|
|
Select the "I accept the license agreement" option and click "Next." (You can read the Release Notes at this time, if you choose; they are also available from the Start menu after the installation is complete. Click "Next" to continue.) |
|
|
The installation will now proceed. When all files are installed, a dialog box will appear indicating that the machine needs to be rebooted. Save any open documents, close any open programs, and then click the "Yes" button to reboot your machine. When the machine comes back up, log in to the machine as normal. |
Enrolling on the PGP Universal ServerThese steps are done the first time that a user logs into a machine after PGP Desktop has been installed. If there are several users on the machine, this process will be performed as each user logs in to the machine. This process must be done while connected to the K-State network. After you have logged in to the machine, the PGP Enrollment assistant will start. |
|
|
Enter your K-State eID and password and click "OK" to continue. Note that the "domain authentication credentials" as used at K-State for this screen are the user's K-State eID credentials and not any department-specific Windows, AD, or Novell domain credentials. |
|
|
This screen is displayed if the Enrollment assistant cannot verify the credentials OR if the credentials supplied are not valid. |
|
The disk will now encrypt in the background while you work |
|
|
If you would like to check the progress of the encryption look for this logo in the system tray of your
desktop and double click it.
|
|
|
Once there, click on the menu item on the left that says, "PGP Disk" and then the menu item that appears below it that says "Encrypt Whole Disk." You should now see the progress bar to the right. You can also use this application to pause or resume the process of encrypting your disk. If you do pause the encryption, remember to resume it again or it will not complete in a timely manner. Also note that the encryption cannot be performed while running on battery power, so be sure your laptop is plugged in during this process. |
|
|
It is recommended that you allow the encryption processes to fully complete without interruption or shutting down your computer. However, if you need to shut down the computer before the encryption is complete you may do so. |
|
PGP Tools
The PGP Desktop product contains a suite of encryption tools. Here is a quick list of the features added after the PGP product is installed.
PGP Whole Disk Encryption (WDE)
You can use this feature to protect the entire contents of your system and/or an external hard drive or USB flash drive that you specify. Boot sectors, system files, and swap files are all encrypted. Encrypting your entire drive(s) means you do not have to worry if your computer is lost or stolen: to access your data, an attacker would need the appropriate passphrase to gain access to the data.
PGP Virtual Disk
This feature uses part of your hard drive space as an encrypted virtual disk volume with its own drive letter. You can create additional users for a volume so that people you authorize can also access the volume. A PGP Virtual Disk is the perfect place for storing your sensitive files; it is as if you have stored them in a safe. When the door of the safe is open (when the volume is mounted), you can change files stored in it, take files out of it, and move files into it. When the door of the safe is closed (when the volume is unmounted), all the data on the volume is protected.
PGP Zip
This feature allows you to create and manipulate encrypted Zip files. These archives can be constructed so that only the intended recipients can access the contents, so that anyone who knows the pass phrase can access the contents (optionally on a system that does not have PGP Desktop installed), or the contents can simply be "signed" to permit the recipients to validate that the contents have not been changed.
PGP Shredder
Completely destroys files and folders so that even file recovery software cannot recover them. Deleting a file using the Windows Recycle Bin does not actually delete it; rather, the file remains on your drive and eventually gets overwritten. Until the file is overwritten, an attacker can easily recover the file sitting in the recycle bin. PGP Shredder, in contrast, immediately overwrites files multiple times. This is so effective that even sophisticated disk recovery software cannot recover these files. This feature can also completely wipe free space on your drives so your deleted data is truly unrecoverable.
Adapted first by KU from "OSU Windows User Guide for PGP Desktop" (v1.2), with permission from The Ohio State University, Columbus, Ohio 43210