Encrypt your computer's hard drive with Symantec Encryption Desktop
To protect your secure data from unauthorized access, you can use PGP Desktop to encrypt your hard drive. When you encrypt an entire disk using the PGP Whole Disk Encryption feature, every sector is encrypted using a symmetric key. This includes all files including operating system files, application files, data files, swap files, free space, and temp files.
For information on how to install PGP Desktop, click here.
Set up whole disk encryption
- You MUST be on the latest version, 10.3.0.
The old version was called PGP Desktop, and the new version is called Symantect Encryption Desktop.
To check the version of either application, open the application and go to Help > About.
You should be running Symantec Encryption Desktop 10.3.0.
- Make sure your computer's power adapter is plugged in.
- Losing power while the encryption is in process may cause your files to be unrecoverable.
- Make sure you've allocated a few hours for this process.
- The encryption process typically takes 8 hours.
- You can still use your computer while this runs, but it will run a bit slower than usual.
- Consider leaving it to run overnight or a time when you will not be needing your computer for an extended period.
- Close all programs you don't need. This will reduce the time needed for the encryption process to run.
- Open Symantec Encryption Desktop by going to Start > Programs > Symantec > Symantec Encryption Desktop.
- Click PGP Disk on the left.
- Click Encrypt Whole Disk or Partition on the right.
- If you are not planning to use the computer during the encryption process, check the box next to Maximum CPU Usage . This will speed up the process at the cost of reducing the computer's performance.
- Click New Passphrase User... at the bottom right.
- Choose Use Windows Password. Click Next .
- Choose Proceed with passphrase authentication only .
- If you login to the computer with your Domain Account,
- Enter your Wellesley Domain name and password under the respective fields.
- Make sure that WELLESLEY is entered in the Domain field, click Finish.
- If you login to the computer with a local account,
- Enter the username and password you use to login to the computer under the respective fields.
- Make sure the Domain field is the Computer Name, click Finish.
- Go back to Step 6 to add your Domain Account as an additional user.
- To give multiple users access to login to the computer,
- Each person that needs access, needs to be present as they will need to enter their password. You can add additional users later if you wish, by following the same process, starting from Step 6.
- Go back to Step 6 and add the account.
- If you are prompted to enter a Passphrase, you need to enter the password of an account that has already been added to this section.
- This is NOT your PGP Passphrase, despite what the popup appears to be asking for.
- Click Encrypt in the top right. Do not turn off your computer until the process finishes. Your system may be slower than usual during the encryption process, although it is fully usable. It returns to normal operation when the encryption process is complete.
- Once the process is finished, your disk will be encrypted. You will be required to enter your passphrase whenever you log into your computer or your computer goes into sleep mode.
Logging in to an encrypted laptop
- After encrypting your laptop, when you restart or power on the computer, you will now see a gray screen like the one below:
- Enter the password you normally use to login to Windows on your computer. When you successfully login, it will automatically log you into Windows for you.
- If you change your password, you will need to follow the directions below to update the login information, as it doesn't sync with our systems.
- If you forget your password or are unable to login, please contact the Help Desk.
Changing your Domain Password in Whole Disk Encryption
- When you power on the computer, in the PGP WDE login screen, enter your old password. This will get you through the PGP WDE login. When Windows tries to log you into the computer, it will fail and the user will be listed as your name with SSO after it. Click Other User and login with your Domain Account.
- You should now be at your Windows Desktop. Launch Symantec Encryption Desktop from either the gray lock icon in the notification area, or Start > All Programs > Symantec Encryption > Symantec Encryption Desktop.
- Click on PGP Disk on the left, then Encrypt Disk or Partition on the right. You should now see a list of at least your username under User Access.
- If the other person present is already listed under User Access, please skip to the next step.
- If the other person present is not listed under User Access, click New Passphrase User, select Use Windows Password and click Next, click Next again, and then have them enter their Domain username and password in the fields provided, click Next, click Finish. When prompted for a passphrase to unlock the disk, enter your NEW Domain password and click OK.
- Click on your username in the list under User Access, then click Delete User on the left. Enter your NEW Domain password when prompted and click OK.
- Click New Passphrase User and add your account. Click New Passphrase User, select Use Windows Password and click Next, click Next again, and then have them enter their Domain username and password in the fields provided, click Next, click Finish. When prompted for a passphrase to unlock the disk, have the other person present enter their Domain password and click OK.
- If you do not want the other user to have access to your computer, remove them from the User Access list by clicking on their username in the list and click the Delete User button on the right. Enter your NEW Domain password when prompted and click OK.