HOW TO: Update PGP Encryption Desktop for Windows in a managed environment (Symantec Encryption Desktop)
Article ID: 153363
Updated On:
Products
Issue/Introduction
This article details how to update PGP Encryption Desktop (Symantec Encryption Desktop) in a managed environment (PGP Desktop policy is managed by a PGP Server) as well as "Standalone" environments where the PGP Desktop client does not talk to a PGP Encryption Server.
Resolution
There are several methods for updating the PGP Desktop client to systems. This will discuss several scenarios for doing so:
Scenario 1: Managed PGP Desktop Clients - Deploy client updates via Deployment Software, such as IT Management Suite (Recommended)
The PGP Desktop client is a typical MSI file so you can deploy it using all the supported msiexec installation options. The only requirement is to ensure the systems are rebooted after update fairly soon after the installation is finished.
It is okay to delay the reboots, and you can do a silent install where the users do not see the installation happening, but it's recommended to reboot the system as soon as possible after the new version is installed.
| TIP: It is recommended to deploy PGP Desktop clients via deployment software, such as IT Management Suite (Altiris) as this deployment solution can install with the proper administrative permissions. For information on how to create a PGP client, see the following article: 180244 - HOW TO: Download Encryption Desktop Client Installers in Symantec Encryption Management Server |
Scenario 2: Manually install the new version
In order to install the PGP Encryption Desktop Client on a system manually, you can download the MSI file from the PGP Server.
Once downloaded, you can double-click to start the installation or you can use the command line to invoke the install using the standard "msiexec /i " option. All msi switches are supported, but the system needs to be rebooted within a reasonable amount of time. In other words, don't delay for weeks without rebooting for best results.
If you are downloading the PGP Desktop client update from the PGP Server, see the following article for how to properly download the client:
Scenario 3: Managed PGP Desktop Clients - PGP Desktop talks to a PGP Server for Updates and Policy for automatic updates
If a new version of PGP Desktop is available, PGP Desktop can be updated manually or configured to automatically check for updates (Managed Client Only).
If you are using PGP Whole Disk Encryption please note that the drive has to be either fully encrypted or fully decrypted. It is not possible update PGP Desktop if the drive is only partially encrypted. The installation will be interrupted.
You must have an administrative account on the PC to be able to download and install updates. If you don't have an administrative account the newer version will not be downloaded and will not be installed.
To use this functionally, the PGP Server must have the "Notify users of software updates..." setting enabled in the consumer policies:
Automatic updates for PGP Desktop is enabled by default in the Consumer Policy of the PGP Server. If the PGP Server has a newer version of the PGP Desktop client, it'll make it available. The Client will be prompted for the update and can then be installed. This works only if the user has admin permissions.
Caution: If you have previously installed PGP Encryption Desktop using any special msiexec installation options, we highly recommend not using this option as it will install the software with all components enabled. For example, if you installed with Email Encryption disabled, and use the auto update, email encryption will be installed.
We generally don't recommend this option because it requires end users to be administrators on their machines. Additionally, when end users are prompted for the update, they can easily dismiss the install, which means they can stay on older versions indefinitely. This option was designed for very small environments where end users have full control over their systems. For guidance, reach out to Symantec Encryption support.
Feedback
