Convert a Symantec Encryption Desktop Standalone (unmanaged) client for Linux into a managed installation package

book

Article ID: 156334

calendar_today

Updated On:

Products

Symantec Products

Issue/Introduction

This article details how to manually configure a stand alone (or unmanaged) Symantec Encryption Desktop client (formerly known as PGP Desktop) for Linux to be managed by a Symantec Encryption Management Server.  These steps can also be used to change the Symantec Encryption Management Server host the Symantec Encryption Desktop client is bound with by changing the PGPSTAMP.

The PGPSTAMP is an entry that tells the Symantec Encryption Desktop client which server it should enroll to and communicate with.

 

Cause

Symantec Encryption Desktop for Linux was installed as a stand alone client rather than as a managed client by the Symantec Encryption Management Server.

 

Resolution

The Symantec Encryption Management Server allows you to configure client settings and policies for managed Symantec Encryption Desktop clients. This includes license settings, disk encryption settings and Whole Disk Recovery Token (WDRT) storage.

  1. As root issue the command # pgpconfigure "ovid=$FQDN_OF_MANAGEMENT_SERVER&mail=*&admin=1"
  2. Reboot the system using either init 6, reboot or shutdown -r now
  3. Login as an unprivileged user
  4. Once a Reboot has occurred, enroll Symantec Encryption Desktop with the Symantec Encryption Management Server.

CAUTION: It is important to reboot after running the "pgpconfigure" command.  Failing to do so will prevent the Symantec Encryption Desktop client from sending Drive Encryption data, such as the hostname of the machine being encrypted, to the Symantec Encryption Management Server.  Subsequent reboots will eventually send the logging data, but the timing for when this data will show up on the Symantec Encryption Management Server cannot be guaranteed.  As a result, it is necessary to reboot the client machine directly after the "pgpconfigure" command has been run, making the stand alone client, a managed installation.

 

Note: On older versions of RedHat or other Linux distributions based off of redhat you need to use the full path:

/usr/sbin/pgpconfigure "ovid=keys.domain.com&mail=*&admin=1" 

Note: The PGPSTAMP uses the following format:
ovid=keys.example.com&mail=*&admin=1
Where:
ovid is the name of the PGP Universal Server.
mail always equals * for linux clients
admin always equals 1.

 

 NOTE: The following Articles can be reviewed for modifying the Symantec Encryption standalone clients to be managed for Windows and Mac Operating Systems:

TECH149792 - Manually modify a Windows Symantec Encryption Desktop stand alone client to enroll with Symantec Encryption Management Server.

TECH149851 - Manually Update a PGP Desktop 9.x for Mac OS X Stand Alone Client to be managed by a PGP Universal Server.

HOWTO77365 - How to: Convert a Symantec Encryption Desktop (formerly PGP Desktop) Standalone installation package for Mac into a Managed Installation package (10.0.x clients and above).