HOW TO: Use Domain Administrator restart bypass

Article ID: 180164

Products

Drive Encryption

Issue/Introduction

 

Resolution

Domain administrator restart bypass

The Domain Administrator restart bypass feature lets administrators perform remote or local software installations that require a restart of the target computer without the user having to enter their passphrase at PGP BootGuard.

Windows System and Administrator accounts can engage a mode that bypasses WDE authentication on the next restart, using the privileges of the administration account to act as the authenticated user.
Use of this feature is logged to the Encryption Management Server/PGP Universal Server. Bypass events are displayed in the Client log of the server.

To add a Domain Administrator restart bypass, use the following steps:

  1. On a domain controller, open the Active Directory Users and Computers console (Start > All Programs > Administrative Tools > Active Directory Users and Computers).
     
  2. Create a new Global Security Group with the name WDE-ADMIN.
     
  3. Add the desired domain user account(s) to the WDE-ADMIN group.
     
  4. On the client system, log in with the user account that was added to the WDE-ADMIN group.
     
  5. Click Start > Run, type cmd in the text field and click OK. The Windows command prompt screen appears.
     
  6. Switch to the following directory: C:\Program Files\PGP Corporation\PGP Desktop
     
  7. At the command prompt, type pgpwde --add-bypass --admin-authorization --disk 0 and press Enter.
     

A message displays that the bypass has been successfully completed. You can also verify the bypass user by typing the following at the command prompt:

pgpwde --check-bypass
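
The procedure above scripted in PowerShell, with a membership review after the group is changed and a group check before the bypass is armed. This is an added example, not vendor-supplied code. The function names, the use of the ActiveDirectory module, the pgpwde.exe file name, and the expectation that pgpwde returns a non-zero exit code on failure are assumptions; the group name, path and pgpwde options are the ones given in this article.

```powershell
# Added example (not vendor code). Function names are hypothetical.
$GroupName  = 'WDE-ADMIN'                                     # from step 2
$PgpDesktop = 'C:\Program Files\PGP Corporation\PGP Desktop'  # from step 6

function New-WdeAdminGroup {
    # Steps 2-3: run on a domain controller (assumes the ActiveDirectory module).
    param([Parameter(Mandatory)][string[]]$Members)
    Import-Module ActiveDirectory -ErrorAction Stop
    if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
        New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security
    }
    Add-ADGroupMember -Identity $GroupName -Members $Members
    # List every account that now holds the bypass privilege, nested members included.
    Get-ADGroupMember -Identity $GroupName -Recursive |
        Select-Object SamAccountName, objectClass
}

function Add-WdeRestartBypass {
    # Steps 4-7: run on the client, logged in as a WDE-ADMIN member.
    param([int]$Disk = 0)

    # Group membership is evaluated at logon, so check the current token first.
    $groups = [Security.Principal.WindowsIdentity]::GetCurrent().Groups |
        ForEach-Object {
            try { $_.Translate([Security.Principal.NTAccount]).Value } catch { }
        }
    if (-not ($groups -like "*\$GroupName")) {
        throw "Current user is not in $GroupName (log off and on after being added)."
    }

    $pgpwde = Join-Path $PgpDesktop 'pgpwde.exe'   # assumed executable name
    if (-not (Test-Path $pgpwde)) { throw "pgpwde not found in $PgpDesktop" }

    & $pgpwde --add-bypass --admin-authorization --disk $Disk
    # Assumption: pgpwde signals failure with a non-zero exit code.
    if ($LASTEXITCODE -ne 0) {
        throw "pgpwde --add-bypass failed with exit code $LASTEXITCODE"
    }

    # Verify the bypass user, as described in the article.
    & $pgpwde --check-bypass
}

# On the domain controller (constructed account name):
#   New-WdeAdminGroup -Members 'jdoe-admin'
# On the client, immediately before the planned restart:
#   Add-WdeRestartBypass -Disk 0
```

Re-running the `Get-ADGroupMember` query on a schedule and comparing its output with the bypass events in the server's Client log shows whether every bypass was armed by an account that is expected to be in the group.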