This article details how to create and use a PGP WDE Administrator Key. The PGP WDE Administrator Key provides access for administrators to user's systems which are PGP Whole Disk Encrypted. This feature is available in versions of PGP Desktop 9.7 and above.
If you need to perform maintenance or other tasks on a user's system, the PGP Whole Disk Encryption administrator key allows an administrator to login without having to request the user's passphrase. Use the PGP Whole Disk Encryption administrator key to log in to a user's system at the PGP WDE BootGuard screen using two-factor authentication (with a smart card or token).
The benefits of using two-factor authentication to access a user's system are:
|Note: If you have systems that have been encrypted with PGP WDE, you do not need to re-encrypt those disks in order to add the PGP WDE Administrator key. The key will be pushed down to the clients during the next policy update.|
To Create a PGP WDE Administrator Key
|Note: If you want all PGP Whole Disk Encryption installations to be accessible through the same key, upload the same key to all internal user groups. Refer to the WDE section of Configuring PGP Desktop Settings in the PGP Universal Server Administrator Guide for details on adding the key to an internal user group policy.|
To Use a PGP WDE Administrator Key