Setting up a support environment for decrypting drives with Symantec Encryption Desktop (formerly PGP Desktop)

Article ID: 158018

Products

Drive Encryption

Issue/Introduction

If you have a large number of Apple computer users that you will need to support, you may benefit from creating a small Apple network environment with a NetBoot server that you can use to troubleshoot, decrypt and recover data from Apple computers.

Resolution

Creating a small support network for booting and troubleshooting requires a dedicated Mac that will host the NetBoot images. The benefit is a consistent environment with the tools you need already installed, usable from any Mac that has an Ethernet port or an adapter, such as a Thunderbolt to Ethernet adapter.

(Note) Covering how to set up an Apple server is beyond the scope of this document. To set up the server, please follow Apple's guide for installing Mac OS X Server and enabling the services necessary for a NetBoot environment.

OS X Server: Advanced Administration

To create a usable NetBoot image, first configure a Macintosh with the appropriate OS, users, applications, utilities, network settings, drive mappings, etc. that you need in the course of troubleshooting. For example, you may install and license Symantec Encryption Desktop for Mac. You should install the appropriate supported version for the Mac OS that you would like to use as a NetBoot source. For the purpose of decrypting drives via NetBoot, we recommend setting a 'Recovery Only' policy on the Symantec Encryption Server and creating an installer with that policy embedded. See the following article for supported Symantec Encryption Desktop [formerly PGP Desktop] versions:

Mac OS X and Supported Versions of Symantec Encryption Desktop [Formerly PGP Desktop]

Once the system is configured appropriately, slave that machine to the server using Target Disk Mode or, if the HDD is accessible, slave just the hard drive to the server, and then follow Apple's guide for creating NetBoot images.

Creating NetInstall, NetRestore and NetBoot Images OS X Server (Mountain Lion)

Once the image is completed and enabled on the server, you may boot to the image by holding the Option key at boot time. If a network interface is connected, you will see the list of bootable systems that are being shared on the network. Apple currently only supports NetBoot services over an Ethernet connection.

(Note) For an encrypted machine to boot properly over NetBoot, you must enable diskless boot from the Apple server.


Applies To

Apple Mac OS X (Supported Versions)
Symantec Encryption Desktop 10.3.0 (tested this version)