When incorrectly typing your passphrase a number of times at the PGP BootGuard screen, you cannot log in and the PGP BootGuard screen displays the message Current disk is locked. User authentication is not possible.
|Note: This article applies to PGP Universal Server 2.9 and above managed PGP Desktop clients running on Windows 2000, XP, Server 2003, and Windows Vista.|
A new feature in PGP Universal Server 2.9 allows administrators to enforce PGP WDE BootGuard Lockout, wherein BootGuard locks access to the system after the user exceeds the maximum number of permitted failed authentication attempts.
Administrators can configure the number of attempts to lock passphrase user accounts. The default setting is 3 failed login attempts. This setting is configured on the WDE tab in the PGP Desktop settings for the policy.
If the disk is locked, all passphrase users lose access. All accounts on the disk are locked. Users will not be able to log in again without using a WDRT or other token. Without a WDRT or other token, the disk is permanently locked.
|Caution:In PGP Universal Server 2.9, the option to Enable Whole Disk Recovery Tokens (WDRT) for an Internal User Policy is enabled by default. However, if the WDRT is disabled for the policy, you will be unable to recover a locked disk.|
To reset your passphrase, contact your PGP Universal Server administrator to request the Whole Disk Recovery Token (WDRT). An administrator with a PGP Whole Disk Encryption administrator key can also unlock the account. If one user logs in with a WDRT, the disk unlocks and all passphrase users can log in again.