Creating PGP Desktop Client Policies on Symantec Encryption Management Server (PGP Server) Consumer Policies
search cancel

Creating PGP Desktop Client Policies on Symantec Encryption Management Server (PGP Server) Consumer Policies

book

Article ID: 153564

calendar_today

Updated On:

Products

Desktop Email Encryption Drive Encryption Encryption Management Server Endpoint Encryption File Share Encryption Gateway Email Encryption PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK

Issue/Introduction

Symantec Encryption Desktop (PGP Desktop) settings can be established for the default internal user policy as well as any custom internal user policy you create.

Each of these can have different sets of PGP Desktop settings and can be controlled via the Symantec Encryption Management Server (PGP Server).  

This article will show you how to modify the policies and where they are located. 

 

Resolution

PGP Server Administrators can control PGP Desktop policy settings to include the following:
 

  • Client licensing 
  • Feature settings
  • Feature control
  • Component control
  • PGP Key Management



To configure PGP Desktop client settings

 

  1. Login to the PGP Server administrative interface on port 9000.
  2. Click on Consumers > Consumer Policy.
  3. Select the desired policy. The Consumer Policy Options are displayed for the policy.
  4. Click the Keys button to configure key generation settings for PGP Desktop clients. You can set key type, key size, preferred cipher, key mode, and certificates for client keys.
    TIP: For Keymodes, we recommend SKM generally.  For information on Keymodes, see the following article:

    153249 - Symantec Encryption Management Server Key Modes

    It is important to get the keymodes to be most appropriate for your scenario so good to review this information. 
  5. Click Desktop next to PGP Desktop. This allows you to configure client settings in the following areas:
  1. After configuring the policy, click Save.

 

Note: It is possible to "Clone" policies so that once you have a base policy created, you can then clone and build off of.  It is not possible to "export" policies and import to other PGP servers.

If you would like the ability to export policies, please reach out to Symantec Encryption Support and mention this article.

Additional Information

151074 - Symantec Endpoint Encryption and PGP Encryption Solutions Comparison

EPG-28319 - Update reverts some settings in Policies after upgrade - Fix in 10.5.1 MP2.