This article details how to control access to pgpwde.exe on my Windows Operating Systems in an enterprise environment.

 

The pgpwde.exe executable file is located in the C:\Program Files\PGP Corporation\PGP Desktop folder  (or where %ProgramFiles% is mapped to). This utility is typically used by administrators to troubleshoot PGP Whole Disk Encryption issues without going through the PGP Desktop GUI.

It is sometimes desirable to restrict access to this file to administrators only. There are Windows utilities that grant or restrict file access to particular users.  You can also download useful scripts to help you restrict access to files and folders to users or groups.

ACLs (Access Control Lists) are stored for each file and directory in a Windows filesystem.  Windows XP has a built in utility called CACLS that you can use to restrict access to a particular file.Click here for Microsoft documentation on CACLS.exe.

There are other utlities as well that can change file permissions.  Xcacls.vbs is a script downloadable from Microsoft that will allow you to change group permissions on a file.  Please see the Microsoft documentation for more information and informative examples of use.

An example of xcacls.vbs: cscript.exe xcacls.vbs "C:\Program Files\PGP Corporation\PGP Desktop\pgpwde.exe" /r "machinea\group1" /r "domain\testuser1"