PGP Encryption Desktop (Symantec Encryption Desktop)settings can be established for the default internal user policy as well as any custom internal user policy you create.

Each of these can have different sets of PGP Desktop settings and can be controlled via the PGP Encryption Server (Symantec Encryption Management Server).  

This article will show you how to modify the policies and where they are located. 

For information on how to create a client from the PGP Encryption Server, see the following article:

180244 - HOW TO: Download Encryption Desktop Client Installers in Symantec Encryption Management Server (PGP Server) 

 

PGP Server Administrators can control PGP Encryption Desktop policy settings to include the following:
 

• Client licensing 
• Feature settings
• Feature control
• Component control
• PGP Key Management

To configure PGP Encryption Desktop client settings
 

1. Login to the PGP Server administrative interface on port 9000.
2. Click on Consumers > Consumer Policy.
3. Select the desired policy. The Consumer Policy Options are displayed for the policy.
4. Click the Keys button to configure key generation settings for PGP Desktop clients. You can set key type, key size, preferred cipher, key mode, and certificates for client keys.
   TIP: For Keymodes, we recommend SKM generally.  For information on Keymodes, see the following article:
   
   153249 - Symantec Encryption Management Server Key Modes
   
   It is important to get the keymodes to be most appropriate for your scenario so good to review this information. 
5. Click Desktop next to PGP Desktop. This allows you to configure client settings in the following areas:

• General PGP Desktop settings
• Messaging & Keys
• File Encryption (PGP Zip & PGP Shredder)
• PGP File Share Encryption
  
  180791 - Symantec File Share Encryption Group Key FAQ's.
  
  
• PGP Virtual Disk and PGP Whole Disk Encryption
  
  153530 - Best Practices: Symantec Endpoint Encryption and Symantec Drive Encryption

6. After configuring the policy, click Save.

Note: It is possible to "Clone" policies so that once you have a base policy created, you can then clone and build off of.  It is not possible to "export" policies and import to other PGP servers.

If you would like the ability to export policies, please reach out to Symantec Encryption Support and mention this article.

180244 - HOW TO: Download Encryption Desktop Client Installers in Symantec Encryption Management Server (PGP Server)

151074 - Symantec Endpoint Encryption and PGP Encryption Solutions Comparison

EPG-28319 - Update reverts some settings in Policies after upgrade - Fix in 10.5.1 MP2.