When using the PGP Whole Disk Encryption Single Sign-On (SSO) feature, the PGP Disk driver caches user credentials in the pre-boot environment, PGP BootGuard, and passes to the Windows logon process, automatically logging a user into Windows. Using the SSO feature, users are required to enter credentials only once, at PGP BootGuard, to log in to Windows automatically.
Once the user clicks OK to the logon banner, the computer completes the login process and the password is then removed from memory.
PGP Desktop 10.1.0 through 10.1.2 provides improved security of password handling when using PGP Whole Disk Encryption with SSO. This setting is disabled by default and is enabled by modifying a Windows registry Value.
Note: If SSO needs to be completely disabled in PGP Whole Disk Encryption, please do so via the PGP Universal Server Consumer Policy
“Deny encryption of disks to existing Windows Single Sign-On password.”
Note: This type of behavior is similar to what happens when auto-logon has been enabled in Windows without PGP installed on the system.