Skip to the content

Kansas State University

K-State PGP Whole Disk Encryption: An install Guide for Windows


This guide contains information related to the installation and usage of the PGP Desktop product at Kansas State University. PGP Desktop is the foundation application for the PGP Whole Disk Encryption product as well as various complementary utilities. The first section contains information that should be read and understood before any installation is attempted. The next section walks the user through the process of installing the software and encrypting the hard drive. The final section describes how to use the other portions of the software package. Parts of this document are taken in whole or in part from the PGP Desktop 9.9 Quick Start Guide and PGP Desktop 9.9 User’s Guide; these parts have been customized for the basic environment within the University.

Table of Contents

What to Know Before You Begin

Installing the PGP Desktop product is a simple process. Users can initiate the process by executing the install package for their operating system. This package can be stored locally, on removable media or even via a network share. Be sure the computer you are attempting to install the software on meets the following requirements.

System Requirements


PGP Desktop Operating Systems:

Windows Vista (all 32-bit and 64-bit versions, including SP 1)
Windows XP (SP 1, 2 or 3; 32-bit and 64-bit versions)
Windows 2000 (SP 4)
Windows 2003 Server (SP 1)
Windows XP Tablet PC Edition 2005 (requires attached keyboard)

PGP WDE Operating Systems:

Client versions of Windows 2000 (SP 4), Windows XP (SP 1 or 2), and Windows Vista

Memory (RAM):

512 MB RAM 64 MB hard drive space

Incompatible Software


Certain other disk protection software products are incompatible with PGP WDE and can cause serious disk problems, up to and including loss of data. Please note the following known interoperability issues, and please review the PGP Desktop Release Notes for the latest updates to this list.

Software that is not compatible:

  • CompuTrace in MBR mode: PGP Whole Disk Encryption is compatible only with the BIOS configuration of Absolute Software's CompuTrace laptop security and tracking product. Using CompuTrace in MBR mode is not compatible.
  • Utimaco Safeguard Easy 3.x: Do not install it on a system with PGP Desktop and do not install PGP Desktop on a system with Utimaco Safeguard Easy 3.x.
  • Hard disk encryption products from GuardianEdge Technologies: Encryption Anywhere Hard Disk and Encryption Plus Hard Disk products, formerly known as PC Guardian products, are not compatible with PGP Whole Disk Encryption.

The following programs will co-exist with PGP Desktop on the same system, but will block the PGP Whole Disk Encryption feature:

  • Safeboot Solo
  • SecureStar SCPP
  • Pointsec

What is Installed?


The PGP Desktop product contains a suite of encryption tools. Here is a quick list of the features added after the PGP product is installed.

PGP Whole Disk Encryption (WDE)

You can use this feature to protect the entire contents of your system and/or an external hard drive or USB flash drive that you specify. Boot sectors, system files, and swap files are all encrypted. Encrypting your entire drive(s) means you do not have to worry if your computer is lost or stolen: to access your data, an attacker would need the appropriate passphrase to gain access to the data.

PGP Virtual Disk

This feature uses part of your hard drive space as an encrypted virtual disk volume with its own drive letter. You can create additional users for a volume so that people you authorize can also access the volume. A PGP Virtual Disk is the perfect place for storing your sensitive files; it is as if you have stored them in a safe. When the door of the safe is open (when the volume is mounted), you can change files stored in it, take files out of it, and move files into it. When the door of the safe is closed (when the volume is unmounted), all the data on the volume is protected.

PGP Zip

This feature allows you to create and manipulate encrypted Zip files. These archives can be constructed so that only the intended recipients can access the contents, so that anyone who knows the pass phrase can access the contents (optionally on a system that does not have PGP Desktop installed), or the contents can simply be "signed" to permit the recipients to validate that the contents have not been changed.

PGP Shredder

Completely destroys files and folders so that even file recovery software cannot recover them. Deleting a file using the Windows Recycle Bin does not actually delete it; rather, the file remains on your drive and eventually gets overwritten. Until the file is overwritten, an attacker can easily recover the file sitting in the recycle bin. PGP Shredder, in contrast, immediately overwrites files multiple times. This is so effective that even sophisticated disk recovery software cannot recover these files. This feature can also completely wipe free space on your drives so your deleted data is truly unrecoverable.

Before You Encrypt


PGP Corporation recommends the following best practices for preparing to encrypt your disk with PGP WDE. Please follow the recommendations below to protect your data during and after encryption.

Ensure That Your Disk Is Supported

PGP WDE feature protects desktop or laptop disks (either partitions, or the entire disk), external disks, and USB flash disks. Writable CDs and DVDs are NOT supported.

Backup the Disk

Before you encrypt your disk, be sure to backup the disk and securely store it so that you won't lose any data if your laptop or computer is lost, stolen, or you are unable to decrypt the disk.

Ensure the Health of the Disk

If PGP WDE encounters disk errors during encryption, it will pause the encryption process so you can repair the disk errors. However, it is more efficient to repair errors before you initiate encryption.

PGP Corporation deliberately takes a conservative stance when encrypting drives, to prevent loss of data. It is not uncommon to encounter Cyclic Redundancy Check (CRC) errors while encryptin a hard disk. If PGP WDE encounters a hard drive or partition with bad sectors, PGP WDE will, by default, pause the encryption process. This pause allows you to remedy the problem before continuing with the encryption process, thus avoiding potential disk corruption and lost data. To avoid disruption during encryption, PGP Corporation recommends that you start with a healthy disk by correcting any disk errors prior to encrypting.

Before you attempt to use PGP WDE, use a third-party scan disk utility that has the ability to perform a low-level integrity check and repair any inconsistencies with the drive that could lead to CRC errors. Microsoft Windows' check disk (chkdsk.exe) utility is not sufficient for detecting these issues on the target hard drive. Instead, use software such as SpinRite or another disk integrity utility. These software applications can correct errors that would otherwise disrupt encryption.

****As a best practice, highly fragmented disks should be defragmented before you attempt to encrypt them.

Installation Process


The following sections show the installation process step by step. The instructions are arranged in a side-byside presentation, with an image of what you should see next to written notes and the actions to perform during each step. Clicking on most images will present a larger version.

Installing PGP Desktop

Double-click on the PGP Desktop icon to start the installer.

PGP.exe

Select the "I accept the license agreement" option and click "Next."

(You can read the Release Notes at this time, if you choose; they are also available from the Start menu after the installation is complete. Click "Next" to continue.)

PGP_1
PGP_3

The installation will now proceed. When all files are installed, a dialog box will appear indicating that the machine needs to be rebooted. Save any open documents, close any open programs, and then click the "Yes" button to reboot your machine. When the machine comes back up, log in to the machine as normal.

Enrolling on the PGP Universal Server

These steps are done the first time that a user logs into a machine after PGP Desktop has been installed. If there are several users on the machine, this process will be performed as each user logs in to the machine.

This process must be done while connected to the K-State network.

After you have logged in to the machine, the PGP Enrollment assistant will start.

Enter your K-State eID and password and click "OK" to continue.

Note that the "domain authentication credentials" as used at K-State for this screen are the user's K-State eID credentials and not any department-specific Windows, AD, or Novell domain credentials.

PGP_4
PGP_5

This screen is displayed if the Enrollment assistant cannot verify the credentials OR if the credentials supplied are not valid.

That's all!

The disk will now encrypt in the background while you work

If you would like to check the progress of the encryption look for this logo in the system tray of your desktop and double click it.
This will bring up the PGP Desktop.

PGP Icon

Once there, click on the menu item on the left that says, "PGP Disk" and then the menu item that appears below it that says "Encrypt Whole Disk."

You should now see the progress bar to the right.

You can also use this application to pause or resume the process of encrypting your disk. If you do pause the encryption, remember to resume it again or it will not complete in a timely manner.

Also note that the encryption cannot be performed while running on battery power, so be sure your laptop is plugged in during this process.

PGP Progress Window

It is recommended that you allow the encryption processes to fully complete without interruption or shutting down your computer. However, if you need to shut down the computer before the encryption is complete you may do so.

Adapted first by KU from "OSU Windows User Guide for PGP Desktop" (v1.2), with permission from The Ohio State University, Columbus, Ohio 43210