PGP File and Disk Encryption

To protect your secure data from unauthorized access, you can use PGP Desktop to encrypt your hard drive. When you encrypt an entire disk using the PGP Whole Disk Encryption feature, every sector is encrypted using a symmetric key. This includes all files including operating system files, application files, data files, swap files, free space, and temp files.

On subsequent reboots, PGP WDE prompts you for the correct passphrase. Then the encrypted data is decrypted as you access it. Before any data is written to the disk, PGP WDE encrypts it. As long as you are authenticated to your PGP WDE-encrypted disk (after you have entered the correct passphrase at the PGP BootGuard screen), the files are available. When you shut down your system, the disk is protected against use by others.

For information on how to install PGP Desktop, click here.

Set up whole disk encryption
  • You MUST be on the latest version.  If you have PGP Desktop installed, that is the old version.  The new version is called Symantec Encryption Desktop.  If you continue with the old version, your files will not be recoverable if you forget your password.
  • Make sure your computer's power adapter is plugged in. Losing power while the encryption is in process may cause your files to be unrecoverable.
  • Make sure you've allocated a few hours for this process. The encryption process typically takes 8 hours. Consider leaving it to run overnight or a time when you will not be needing your computer for an extended period.
With an average system, an 80 GB boot disk or partition takes approximately three hours to encrypt using PGP Whole Disk Encryption (when no other applications are running). A very fast system, on the other hand, can easily encrypt such a disk or partition in less than an hour.
You can still use your system during encryption. Your system is somewhat slower than usual during the encryption process, although it is fully usable.
  1. Close all programs you don't need. This will reduce the time needed for the encryption process to run.
  2. Open Symantec Encryption Desktop by going to Start > Programs > Symantec > Symantec Encryption Desktop.
  3. Click PGP Disk on the left.
  4. Click Encrypt Whole Disk or Partition on the right.
  5. If you are not planning to use the computer during the encryption process, check the box next to Maximum CPU Usage . This will speed up the process at the cost of reducing the computer's performance.
  6. Click New Passphrase User... at the bottom right.
  7. Choose Use Windows Password. Click Next .
  8. Choose Proceed with passphrase authentication only .
  9. If you login to the computer with your Domain Account,
    • Enter your Wellesley Domain name and password under the respective fields.
    • Make sure that WELLESLEY is entered in the Domain field, click Finish.
  10. If you login to the computer with a local account,
    • Enter the username and password you use to login to the computer under the respective fields.
    • Make sure the Domain field is the Computer Name, click Finish.
    • Go back to Step 6 to add your Domain Account as an additional user.
  11. To give multiple users access to login to the computer,
    • Each person that needs access, needs to be present as they will need to enter their password. You can add additional users later if you wish, by following the same process, starting from Step 6.
    • Go back to Step 6 and add the account.
    • If you are prompted to enter a Passphrase, you need to enter the password of an account that has already been added to this section.
    • This is NOT your PGP Passphrase, despite what the popup appears to be asking for.
  12. Click Encrypt in the top right. Do not turn off your computer until the process finishes. Your system may be slower than usual during the encryption process, although it is fully usable. It returns to normal operation when the encryption process is complete.
  13. Once the process is finished, your disk will be encrypted. You will be required to enter your passphrase whenever you log into your computer or your computer goes into sleep mode. 


Logging in to an encrypted laptop
After encrypting your laptop, when you restart or power on the computer, you will now see a gray screen like the one below:
Enter the password you normally use to login to Windows on your computer.  When you successfully login, it will automatically log you into Windows for you.
If you change your password, you will need to login to PGP with your old password, login to Windows when prompted, then go into Symantec Encryption Desktop and update your password.
If you forget your password or are unable to login, please contact the Help Desk.  A PGP Admin may be able to help you login with a one-time use recovery token.


catch of the day

4/18: Phishing: View a Google Doc "And sign in with your personal email..." Don't!
Report phishing 
Identify phishing


LTS News


In the works