OSU Windows User Guide for PGP Desktop

OSU Windows User Guide for PGP Desktop Version 1.2 -- Sept. 28, 2007 This guide contains information related to the installation and usage of the PGP Desktop product at The Ohio State University. The first section contains information that should be read and understood before any installation is attempted. The next section walks the user through the process of installing the software and encrypting the hard drive. The final section describes how to use the other portions of the software package. Parts of this document are taken in whole or in part from the PGP Desktop 9.6 Quickstart Guide and PGP Desktop 9.6.1 User’s Guide; these parts have been customized for the basic environment within the University. Table of Contents Information You Need to Know Before You Begin..................................................................................2 System Requirements..........................................................................................................................2 Incompatible Software......................................................................................................................... 2 What is Installed?.................................................................................................................................2 PGP Whole Disk Encryption (WDE).................................................................................................2 PGP Virtual Disk...............................................................................................................................3 PGP Zip............................................................................................................................................3 PGP Shredder..................................................................................................................................3 Key Management.............................................................................................................................3 Before You Encrypt..............................................................................................................................3 Ensure That Your Disk Is Supported................................................................................................3 Back Up the Disk..............................................................................................................................3 Ensure the Health of the Disk...........................................................................................................4 Maintain Power Throughout Encryption...........................................................................................4 Installation Process.................................................................................................................................. 5 Getting the PGP Desktop Installer.......................................................................................................5 Installing PGP Desktop........................................................................................................................6 Enrolling on the PGP Universal Server................................................................................................7 Encrypting the Hard Drive..................................................................................................................10 PGP Desktop User Guide for Windows Information You Need to Know Before You Begin Installing the PGP Desktop product is a simple process. Users can initiate the process by executing the install package for their operating system. This package can be stored locally, on removable media or even via a network share. Be sure the computer you are attempting to install the software on meets the following requirements. System Requirements Windows Vista (32-bit versions), Windows XP (SP 1 or 2), Windows 2000 (SP 4), and Windows 2003 Server (SP 1) (PGP WDE is not supported on Windows 2000 and Windows 2003 Server) 128 MB RAM (256 MB recommended) 64 MB hard drive space Incompatible Software Certain other disk protection software products are incompatible with PGP WDE and can cause serious disk problems, up to and including loss of data. Please note the following known interoperability issues, and please review the PGP Desktop Release Notes for the latest updates to this list. Software that is not compatible: • CompuTrace in MBR mode: PGP Whole Disk Encryption is compatible only with the BIOS configuration of Absolute Software’s CompuTrace laptop security and tracking product. Using CompuTrace in MBR mode is not compatible. Utimaco Safeguard Easy 3.x: Do not install it on a system with PGP Desktop and do not install PGP Desktop on a system with Utimaco Safeguard Easy 3.x. Hard disk encryption products from GuardianEdge Technologies: Encryption Anywhere Hard Disk and Encryption Plus Hard Disk products, formerly known as PC Guardian products, are not compatible with PGP Whole Disk Encryption. • • The following programs will co-exist with PGP Desktop on the same system, but will block the PGP Whole Disk Encryption feature: • • • Safeboot Solo SecureStar SCPP Pointsec What is Installed? The PGP Desktop product contains a suite of encryption tools. Here is a quick list of the features added after the PGP product is installed. PGP Whole Disk Encryption (WDE) You can use this feature to protect the entire contents of your system or an external or USB flash drive you specify. Boot sectors, system files, and swap files are all encrypted. Encrypting your entire -2- PGP Desktop User Guide for Windows drive(s) means you do not have to worry if your computer is lost or stolen: to access your data, an attacker would need the appropriate passphrase. PGP Virtual Disk This feature uses part of your hard drive space as an encrypted virtual disk volume with its own drive letter. You can create additional users for a volume so that people you authorize can also access the volume. A PGP Virtual Disk is the perfect place for storing your sensitive files; it is as if you have stored them in a safe. When the door of the safe is open (when the volume is mounted), you can change files stored in it, take files out of it, and move files into it. When the door of the safe is closed (when the volume is unmounted), all the data on the volume is protected. PGP Zip This feature allows you to create and manipulate encrypted Zip files. These archives can be constructed so that only the intended recipients can access the contents, so that anyone who knows the pass phrase can access the contents (optionally on a system that does not have PGP Desktop installed), or the contents can simply be “signed” to permit the recipients to validate that the contents have not been changed. PGP Shredder Completely destroys files and folders so that even file recovery software cannot recover them. Deleting a file using the Windows Recycle Bin does not actually delete it; it sits on your drive and eventually gets overwritten. Until then, it is trivial for an attacker to recover that file. PGP Shredder, in contrast, immediately overwrites files multiple times. This is so effective that even sophisticated disk recovery software cannot recover these files. This feature can also completely wipe free space on your drives so your deleted data is truly unrecoverable. Key Management PGP also manages PGP keys, both your key pairs (consisting of a public key and related private key) and the public keys of others. These keys are used to encrypt and decrypt email and to allow access to PGP Virtual Disks and PGP Zip files. Before You Encrypt PGP Corporation recommends the following best practices for preparing to encrypt your disk with PGP WDE. Please follow the recommendations below to protect your data during and after encryption. Ensure That Your Disk Is Supported PGP WDE feature protects desktop or laptop disks (either partitions, or the entire disk), external disks, and USB flash disks. Writable CDs and DVDs are NOT supported. See Chapter 6 of the PGP Desktop User’s Guide for more details on what types of disks are supported. Back Up the Disk Before you encrypt your disk, be sure to back it up so that you won’t lose any data if your laptop or computer is lost, stolen, or you are unable to decrypt the disk. -3- PGP Desktop User Guide for Windows Ensure the Health of the Disk If PGP WDE encounters disk errors during encryption, it will pause the encryption process so you can repair the disk errors. However, it is more efficient to repair errors before you initiate encryption. PGP Corporation deliberately takes a conservative stance when encrypting drives, to prevent loss of data. It is not uncommon to encounter Cyclic Redundancy Check (CRC) errors while encrypting a hard disk. If PGP WDE encounters a hard drive or partition with bad sectors, PGP WDE will, by default, pause the encryption process. This pause allows you to remedy the problem before continuing with the encryption process, thus avoiding potential disk corruption and lost data. To avoid disruption during encryption, PGP Corporation recommends that you start with a healthy disk by correcting any disk errors prior to encrypting. Before you attempt to use PGP WDE, use a third-party scan disk utility that has the ability to perform a low-level integrity check and repair any inconsistencies with the drive that could lead to CRC errors. Microsoft Windows’ check disk (chkdsk.exe) utility is not sufficient for detecting these issues on the target hard drive. Instead, use software such as SpinRite or Norton Disk Doctor. These software applications can correct errors that would otherwise disrupt encryption. As a best practice, highly fragmented disks should be defragmented before you attempt to encrypt them. Maintain Power Throughout Encryption Because encryption is a CPU-intensive process, encryption cannot begin on a laptop computer that is running on battery power. The computer must be on AC power. If a laptop computer goes on battery power during the initial encryption process (or a later decryption or re-encryption process) PGP WDE pauses its activity. When you restore AC power, the encryption or decryption process resumes automatically. Regardless of the type of computer you are working with, your system must not lose power, or otherwise shut down unexpectedly, during the encryption process, unless you have selected the Power Failure Safety option. Do not remove the power cord from the system before the encryption process is over. If loss of power during encryption is a possibility—or if you do not have an uninterruptible power supply for your computer—consider choosing the Power Failure Safety option, as described in the PGP Desktop User’s Guide. -4- PGP Desktop User Guide for Windows Installation Process The following sections show the installation process step by step. The instructions are arranged in a side-by-side presentation, with an image of what you should see on the left and actions to perform (along with any notes) on the right. Getting the PGP Desktop Installer It is recommended that you download the client from the registration site before doing an installation. The most current version of the software is maintained on the web server and may include important security fixes or updates not found in previously downloaded versions. Direct your browser to https://pgpreg.service.ohio-state.edu/ Enter your OSU Internet ID (name.#) and password and click “Log In”. Note: Your OSU Internet ID is used as your PGP username. Read the OSU License Agreement. If you agree to the license terms, click the “I Agree” button. -5- PGP Desktop User Guide for Windows Write down the installation password that is displayed on this page. You will need it to authenticate to the PGP Enterprise Enrollment Assistant later in this process. Click on the link for the Windows installer and save the file to your Desktop. Once the file is downloaded, close your browser. Installing PGP Desktop Double-click on the PGP Desktop icon on your Desktop to start the installer. This security warning is displayed because the PGP Desktop installer was downloaded using the web browser and is not signed. Click “Run” to start the installer. -6- PGP Desktop User Guide for Windows Select the “I accept the license agreement” option and click “Next”. You can read the Release Notes at this time; they are also available from the Start menu after the installation is complete. Click “Next” to continue. The installation will now proceed. When all files are installed, a dialog box will appear indicating that the machine needs to be rebooted. Save any open documents, close any open programs, and then click the “Yes” button to reboot your machine. When the machine comes back up, log in to the machine as normal. Enrolling on the PGP Universal Server These steps are done the first time that a user logs into a machine after PGP Desktop has been installed. If there are several users on the machine, this process will be performed as each user logs in to the machine. -7- PGP Desktop User Guide for Windows This process must be done while connected to the network. It can be run off-campus as long as the machine has Internet access. After you have logged in to the machine, the PGP Enterprise Enrollment Assistant will start. Enter your PGP user name and installation password from the registration web site and click “Next”. Note that the “domain authentication credentials” as used at OSU for this screen are the PGP credentials and not any Windows, AD, or Novell domain. This screen is displayed if the Enrollment Assistant cannot locate a PGP key ring. Unless you have created PGP keys in the past and store them someplace other than the normal location (My Documents\PGP), simply click “Next” to continue. This window is the start of the assistant which creates a PGP key. This key is used for email, virtual disks, and PGP Zip files only. Click “Next” to continue. Note: If you have run the Enrollment Assistant in the past with the same PGP user name, the Enrollment Assistant will copy your existing key from the Universal Server onto the machine and will not run the Key Setup Assistant at all (you will skip the next four steps). -8- PGP Desktop User Guide for Windows You need to enter a pass phrase to use to protect your private key. The pass phrase must be at least eight characters long and can consist of letters (either case), numbers, and punctuation. The “Passphrase Quality” indicates the quality (difficulty of guessing) of the pass phrase. Once you have entered the pass phrase in each of the boxes, click “Next” to continue. You may see this information if the pass phrase you entered did not meet the length or quality requirements. Click “Back” and enter a new pass phrase. A Quick Note on Pass Phrase Quality Pass phrases are the passwords that PGP uses to protect the keys that protect emails and other forms of data. Treat the pass phrase like you would any user password. Try and make it simple to remember but hard for others to guess. Here are a few tips on making good passwords and pass phrases: • • • • Do use a minimum of 8 characters. Do use a mix of upper and lowercase letters, punctuation and numbers. Don’t use words found in any dictionary or proper names of any kind. Don’t use personal information such as birthdates, names of family members or pets, and address information, unless you modify them considerably. How do you construct a strong password? Be creative and make it fun at the same time. The key is generated and an encrypted copy is sent to the Universal Server for safekeeping. If you use multiple machines, the Enrollment Assistant will copy this key from the Universal Server when you run the Enrollment Assistant so that all machines you use will have the same PGP key installed. -9- PGP Desktop User Guide for Windows This screen announces the completion of the Key Setup Assistant. Click “Finish” to continue. This screen announces the completion of the PGP Desktop Setup process. Click “Finish” to continue to the next task. Encrypting the Hard Drive Double-click the PGP Desktop icon in the system tray or right-click on it and select “Open PGP Desktop”. - 10 - PGP Desktop User Guide for Windows Click on “PGP Disk” Click on “Encrypt Whole Disk” on the menu on the left or “Encrypt Whole Disk or Partition” in the middle of the window. Click the “+” beside your boot drive to ensure that there is only one encryptable partition on the disk. If more than one partition appears, you should contact your local network administrator for advice before proceeding. Click on “New Passphrase User…” - 11 - PGP Desktop User Guide for Windows Because the default policy requires using Windows passwords as boot passwords, click “Next” to continue. If you have been given a policy which allows boot pass phrases, you will be able to select either option. Contact your local network administrator on how to proceed if this is your situation. Ensure that the username and domain are correct then enter your Windows password. Click “Finish” to continue. Click on the “Power Failure Safety” option unless you are certain that there is no possibility of a power failure. If you are not going to be using the machine while the disk is encrypted, you can click on the “Maximum CPU Usage” option to speed up the encryption process. Click the “Encrypt” button to start encrypting the disk. - 12 - PGP Desktop User Guide for Windows Read the reminders about the encryption process and click “OK” to continue. The lower part of the screen shows a progress bar as the disk is encrypted. The window can be closed, if desired, without affecting the encryption process. If you need to pause the encryption process, click the “Stop” button. The button text will switch to “Resume” to allow you to resume the encryption process. Once the encryption process has finished, an icon is displayed to the right of the disk to show that the disk is encrypted. - 13 -

Related docs
OSU Voice Mail User Guide
Views: 98  |  Downloads: 0
OSU research
Views: 2  |  Downloads: 0
An Introduction to OSU Helpdesk
Views: 34  |  Downloads: 2
April Taken from Strategic Vision for Information Technology at OSU
Views: 1  |  Downloads: 0
networking security-OSU-OKC Network Security Policies and Procedures.doc
Views: 0  |  Downloads: 0
An Introduction to the OSU Helpdesk for Customers
Views: 25  |  Downloads: 0
OSU v TeleMedicine Center College of Osteopathic Medicine website
Views: 0  |  Downloads: 0
OSU Computer Helpdesk START
Views: 0  |  Downloads: 0
OSU-Okmulgee Assessment Plan 2003
Views: 7  |  Downloads: 0
help desk software-An Introduction to the OSU Helpdesk for Customers.pdf
Views: 0  |  Downloads: 0
help desk software-An Introduction to OSU Helpdesk.pdf
Views: 0  |  Downloads: 0
Ptrace-OSU Central Web Services Vulnerabilities.doc
Views: 0  |  Downloads: 0
premium docs
California Member-Managed LLC Operating Agreement$19.95
Acknowledgment of Independent Contractor$8.95
Artist-Agent Engagement Agreement$8.95
Website Design Non-Disclosure$14.95
Employee Handbook for Company$39.95
Limited Liability Partnership Agreement$29.95
Office Lease Agreement$8.95
Other docs by techmaster
Analysis of a dissimilar finite wedge under antiplane deformation
Views: 60  |  Downloads: 1
Texaco v Pennzoil
Views: 2334  |  Downloads: 22
Val di Susa Travel Guide
Views: 196  |  Downloads: 2
AMENDMENT OF LEASE
Views: 186  |  Downloads: 6
EARLY TERMINATION OF CONTRACT
Views: 974  |  Downloads: 35
Acceptance of forthcoming payment schedule
Views: 254  |  Downloads: 3
EVIDENCE PROBLEMS1
Views: 136  |  Downloads: 11
MKTG 101 Week 11
Views: 311  |  Downloads: 14
Rental Application
Views: 791  |  Downloads: 78
Remedies Checklist[1]
Views: 296  |  Downloads: 24
Independent Contractor Agreement- Real Estate Salesmen
Views: 3596  |  Downloads: 440
Daemon Tutorial FR
Views: 1781  |  Downloads: 14
PRacExamS04
Views: 119  |  Downloads: 1
Accounting for Lawyers[1]
Views: 1093  |  Downloads: 87
MKTG 101 Week 12
Views: 217  |  Downloads: 9