PGP File and Disk Encryption

To protect your secure data from unauthorized access, you can use PGP Desktop to encrypt your hard drive. When you encrypt an entire disk using the PGP Whole Disk Encryption feature, every sector is encrypted using a symmetric key. This includes all files including operating system files, application files, data files, swap files, free space, and temp files.

On subsequent reboots, PGP WDE prompts you for the correct passphrase. Then the encrypted data is decrypted as you access it. Before any data is written to the disk, PGP WDE encrypts it. As long as you are authenticated to your PGP WDE-encrypted disk (after you have entered the correct passphrase at the PGP BootGuard screen), the files are available. When you shut down your system, the disk is protected against use by others.
 

For information on how to install PGP Desktop, click here.


 
Set up whole disk encryption
  • You MUST be on the latest version.  If you have PGP Desktop installed, that is the old version.  The new version is called Symantec Encryption Desktop.  If you continue with the old version, your files will not be recoverable if you forget your password.
  • Make sure your computer's power adapter is plugged in. Losing power while the encryption is in process may cause your files to be unrecoverable.
  • Make sure you've allocated a few hours for this process. The encryption process typically takes 8 hours. Consider leaving it to run overnight or a time when you will not be needing your computer for an extended period.
With an average system, an 80 GB boot disk or partition takes approximately three hours to encrypt using PGP Whole Disk Encryption (when no other applications are running). A very fast system, on the other hand, can easily encrypt such a disk or partition in less than an hour.
You can still use your system during encryption. Your system is somewhat slower than usual during the encryption process, although it is fully usable.
  1. Close all programs you don't need. This will reduce the time needed for the encryption process to run.
  2. Open Symantec Encryption Desktop by going to Start > Programs > Symantec > Symantec Encryption Desktop.
  3. Click PGP Disk on the left.
  4. Click Encrypt Whole Disk or Partition on the right.
  5. If you are not planning to use the computer during the encryption process, check the box next to Maximum CPU Usage . This will speed up the process at the cost of reducing the computer's performance.
  6. Click New Passphrase User... at the bottom right.
  7. Choose Use Windows Password. Click Next .
  8. Choose Proceed with passphrase authentication only .
  9. If you login to the computer with your Domain Account,
    • Enter your Wellesley Domain name and password under the respective fields.
    • Make sure that WELLESLEY is entered in the Domain field, click Finish.
  10. If you login to the computer with a local account,
    • Enter the username and password you use to login to the computer under the respective fields.
    • Make sure the Domain field is the Computer Name, click Finish.
    • Go back to Step 6 to add your Domain Account as an additional user.
  11. To give multiple users access to login to the computer,
    • Each person that needs access, needs to be present as they will need to enter their password. You can add additional users later if you wish, by following the same process, starting from Step 6.
    • Go back to Step 6 and add the account.
    • If you are prompted to enter a Passphrase, you need to enter the password of an account that has already been added to this section.
    • This is NOT your PGP Passphrase, despite what the popup appears to be asking for.
  12. Click Encrypt in the top right. Do not turn off your computer until the process finishes. Your system may be slower than usual during the encryption process, although it is fully usable. It returns to normal operation when the encryption process is complete.
  13. Once the process is finished, your disk will be encrypted. You will be required to enter your passphrase whenever you log into your computer or your computer goes into sleep mode. 

 


 
Logging in to an encrypted laptop
After encrypting your laptop, when you restart or power on the computer, you will now see a gray screen like the one below:
Enter the password you normally use to login to Windows on your computer.  When you successfully login, it will automatically log you into Windows for you.
 
If you change your password, you will need to follow the directions below to update your PGP WDE and SSO password information.
 
If you forget your password or are unable to login, please contact the Help Desk.  A PGP Admin may be able to help you login with a one-time use recovery token.
 
 
 
 
 
 
 
 

 


 
Changing your Domain Password in PGP WDE
After changing your Domain password on the Wellesley Password Reset page, you need to update PGP Whole Disk Encryption with your new password.
 
This requires another faculty or staff member with a Wellesley Domain Account present. (PGP does not work with student Domain Accounts)
  1. When you power on the computer, in the PGP WDE login screen, enter your old password.  This will get you through the PGP WDE login.  When Windows tries to log you into the computer, it will fail and the user will be listed as your name with SSO after it.  Click Other User and login with your Domain Account.
  2. You should now be at your Windows Desktop.  Launch Symantec Encryption Desktop from either the gray lock icon in the notification area, or Start > All Programs > Symantec Encryption > Symantec Encryption Desktop.
  3. Click on PGP Disk on the left, then Encrypt Disk or Partition on the right.  You should now see a list of at least your username under User Access.
    • If the other person present is already listed under User Access, please skip to the next step.
    • If the other person present is not listed under User Access, click New Passphrase User, select Use Windows Password and click Next, click Next again, and then have them enter their Domain username and password in the fields provided, click Next, click Finish.  When prompted for a passphrase to unlock the disk, enter your NEW Domain password and click OK.
  4. Click on your username in the list under User Access, then click Delete User on the left.  Enter your NEW Domain password when prompted and click OK.
  5. Click New Passphrase User and add your account.  Click New Passphrase User, select Use Windows Password and click Next, click Next again, and then have them enter their Domain username and password in the fields provided, click Next, click Finish.  When prompted for a passphrase to unlock the disk, have the other person present enter their Domain password and click OK.
  6. If you do not want the other user to have access to your computer, remove them from the User Access list by clicking on their username in the list and click the Delete User button on the right.  Enter your NEW Domain password when prompted and click OK.

 

catch of the day

7/23: Phishing targets eFax users.

Report phishing 
Identify phishing

SERVICE ALERTS

LTS News

 

In the works