Note: This article pertains to a version of PGP Universal Server that has reached an End of Support Life (EOSL) as of April 1st 2012. For more information on the End of Support Life dates for PGP Software products see the following article here for more information
This article provides step-by-step instructions to assist administrators in creating and managing custom client deployments of PGP Desktop and PGP Universal Satellite. Once installed, clients can obtain updated policies and client updates from the PGP Universal Server.
HOW TO: Deploy Client Installers with PGP Universal Server
PGP Universal Satellite and PGP Desktop Client installers securely retrieve policies and keys from their originating PGP Universal Server. These installers can perform encryption and decryption at the user's desktop, providing true end-to-end security. You can create different default settings for various user groups and also manage policies to centrally enforce your security policy.
There are two ways to manage which users get assigned to which user group policies. First, you can bind the policy to the installer and distribute the installer. With this method, you will not be able to change which policy each user is bound to without having the user reinstall their client software.
Second, with LDAP directory synchronization enabled, then you can assign policies to internal users based on their directory attributes, and switch which policy they are bound to by changing their LDAP attributes, or changing the LDAP attributes of the user group. Then the next time the user interacts with the server, they receive new settings based on which policy they are now bound to.
The ability to manage PGP Desktop deployments falls under the Internal User Policy section of the PGP Universal Server administrative interface (this functionality was previously in a separate application called PGP Admin).
You can create PGP Desktop installers for your internal users with one of three available policy settings:
|You must have a PGP Desktop license to create customized PGP Desktop installers. You can use the same license for all your policies, but unless you clone your user settings from a policy that already has license information entered, you will need to enter the license information into each policy individually.
You cannot upgrade or install a PGP Desktop 9.5 bound client to PGP Universal 2.0.x. You must upgrade your PGP Universal Server to version 2.5/2.6 to support PGP Desktop 9.5 bound clients. PGP Universal 2.5/2.6 does support 9.0.x clients.
Configuring PGP Desktop Settings
PGP Desktop settings can be established for the default internal user policy as well as any custom internal user policy you create. Each of these can have different sets of PGP Desktop settings.
To Establish PGP Desktop Settings:
Create a PGP Desktop Installer
Creating PGP Desktop installers for your users is slightly different depending on the policy settings you want to use. All three procedures include configuring settings on the PGP Desktop card. The available policy settings are No Policy, Auto-Detect Policy, and Preset Policy. See the beginning of this article for a description of each type of policy.
|Note: The auto-detect policy is only available if you have an LDAP directory and have enabled Directory Synchronization. Policy settings for your PGP Desktop users are determined by the email address of the user and their attributes in your LDAP directory. Based on these attributes, the appropriate user group policy is applied. If you later create a new user group policy and the user's attributes match the group to which the policy applies, the policy for the PGP Desktop user will be switched to the more appropriate policy. If you have not created any custom user group policies, the default internal users policy will be applied.|
Create a PGP Universal Satellite Installer