Unattended installation and enrollment of Symantec Encryption Desktop

Article ID: 158902

Products

Symantec Products

Issue/Introduction

Some administrators prefer that users are not aware of the installation or of the encryption of the drive.

Resolution

 1.  Publish Certificate

Note: When a client enrolls, it prompts the user to allow the server certificate. To avoid any user input, publish the Symantec server certificate to all domain clients before creating and deploying the package. Applying it in the Default Domain Policy delivers the certificate to all clients. The clients then already know the Symantec server certificate, which eliminates the need to prompt the user to allow it. That prompt is the screen clients receive when they detect the Symantec Encryption certificate.
 
2. Create a customized Symantec Encryption Desktop package
 
On the server, make sure the setting "Automatically encrypt BootDisk at installation" is checked in the policy for the user.
 
This setting is located under:
Consumer Policy, users policy name, Desktop, Encryption Desktop, Drive encryption
 
With this setting, the disk is encrypted after successful enrollment.
 
Download the 64-bit or 32-bit package with the auto detect policy to your deployment server.
 
3. Deploy the package
 
Deploy the MSI package from your server with the following switches:
 
Note: You can use Orca (part of the Windows development kit) to edit the MSI package and create a custom package with the needed switches. You can also refer to the article TECH190946.
 
msiexec /i C:\pgpd.msi  PGP_INSTALL_DISABLESSOENROLL=0 /norestart /q
 
When users log in to their PC, they will not notice that the installation has begun. The PC does not restart automatically, because the “/norestart” switch suppresses the PGP automatic restart. Once the user restarts the PC and logs in again, the second phase of the installation (enrollment) continues, and in a minute or so the user will notice a notification in the system tray that the drive is being encrypted.
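
The three steps above as a deployment wrapper, added here as an illustration and not part of the Symantec article: it confirms that the server certificate from step 1 is present on the client and that the package matches a recorded hash before running the article's msiexec command. The thumbprint and hash placeholders, the certificate store path and the log path are assumptions.

```powershell
# Added example, not from the Symantec article. Assumed values: the thumbprint
# and hash placeholders, the certificate store and the log path.
param(
    [string]$MsiPath      = 'C:\pgpd.msi',               # path used in step 3
    [string]$Thumbprint   = '<SERVER-CERT-THUMBPRINT>',  # placeholder
    [string]$CertStore    = 'Cert:\LocalMachine\Root',   # assumed GPO target store
    [string]$ExpectedHash = '<PACKAGE-SHA256>',          # placeholder, recorded at build time
    [string]$LogPath      = "$env:TEMP\pgpd-install.log" # assumed log location
)

# Step 1 check: without the published certificate, enrollment prompts the user.
$cert = Get-ChildItem -Path $CertStore |
    Where-Object { $_.Thumbprint -eq $Thumbprint } | Select-Object -First 1
if (-not $cert) {
    Write-Error "Certificate $Thumbprint not found in $CertStore; policy not applied yet."
    exit 1
}
if ($cert.NotAfter -lt (Get-Date)) {
    Write-Error "Certificate $Thumbprint expired on $($cert.NotAfter)."
    exit 1
}

# Step 2 check: install only the package that was built and approved.
if (-not (Test-Path -LiteralPath $MsiPath)) {
    Write-Error "Package $MsiPath not found."
    exit 1
}
$hash = (Get-FileHash -LiteralPath $MsiPath -Algorithm SHA256).Hash
if ($hash -ne $ExpectedHash) {
    Write-Error "Hash mismatch for $MsiPath (got $hash)."
    exit 1
}

# Step 3: the article's command line, plus verbose logging for troubleshooting.
$msiArgs = @('/i', "`"$MsiPath`"", 'PGP_INSTALL_DISABLESSOENROLL=0',
             '/norestart', '/q', '/l*v', "`"$LogPath`"")
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

switch ($proc.ExitCode) {
    0       { Write-Output 'Installed. Enrollment continues after the next restart and logon.' }
    3010    { Write-Output 'Installed, restart pending. Enrollment continues after the user restarts.' }
    1618    { Write-Error 'Another installation is in progress; retry later.'; exit 1618 }
    default { Write-Error "msiexec exit code $($proc.ExitCode); see $LogPath."; exit $proc.ExitCode }
}
```

Run it from an elevated context such as a deployment tool or startup script; exit codes 3010 and 1618 are standard Windows Installer codes for "restart required" and "another installation in progress".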
 
 

Applies To

PGP Desktop Client 10.x

Symantec Encryption Server 3.x
