Pgp silent install

To disable this functionality with msiexec the command is as follows. This will also ensure that the PGPdisk. Another feature that some customers wish to disable is File Share encryption.

The command to do this is as follows. This will also ensure that the file sharing driver PGPfsd. To use invisible silent enrollment, you must use this msiexec switch. To enable a feature that was previously disabled with an msiexec switch, you need to install a newer release with the opposite switch. Note that once an msiexec switch has been used, there is no need to use it again on subsequent upgrades. The upgrade will retain the existing settings.

If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience. Disabling Encryption Desktop functionality using msiexec switches. There are reasons, however, why you should consider using msiexec switches to disable functionality for managed Encryption Desktop clients: You will never use drive encryption and wish to ensure that the encryption driver is not installed.

Only drive encryption uses single sign on so it is logical to disable single sign on too. You will never use File Share Encryption and wish to ensure the file sharing driver is not installed. What steps did you try when generating the response file? Or is a response file documented in the manual? Posted by: ITreaper 7 years ago. First of all I would like to thank you for your help,. A: No there is only 1 MSI for the entire application. Q: A reboot may be necessary to start any services installed by the application.

A: The documentation that was provided to us was just the nessasry information such as, the license key, media location, name of application, and vender name, also very ginaric instustions with the.

Q: Having said that, have you actually checked whether the PGP documentation describes any mass deployment techniques? Q: As for entering the License key - again, is this documented in the PGP manual, or are you guessing at the property to set? A: The MSI does not have and property nameing where the License key may go, I was googleing all the property that may hint on where the property might work, again all the documents are not given to me, a tutorial was made using the.

Q: What steps did you try when generating the response file? A: The command I used to create the response file was setup. Comments: looking into the properties in the application it looks like it was created by wise packaging studio. ITreaper, check with vendor, in our case symantec was able to send a third party to the site and they provided me with the packged version of MSI, which we just had to deploy with the silent switches.

Comments: Have you contacted vendor for this. Looks like to me that there's something missing. If you enable verbose logging via the registry and then run the install using the EXE, you may find that the installation log contains the property that is used for the license key. It is possible that the wisescript stub exe is generating the dialog which requests entry of the serial number and then passes the value to the MSI. The verbose log provides listings of all property values at different points in the install, so just look for the property name associated with the serial number.

Posted by: ekgcorp 7 years ago. Find the one that looks like where you will put the License Key in. When I give the laptop to the user, I want to add the domain user to the encryption key, and then remove the local admin account from the encryption key.

I can't seem to automate the install to where the disk is encrypted and the local admin account has access to the key, while keeping the install silent. Thanks for your reply. Is there any way to go ahead and encrypt the disk without providing a user account at all? And yes if you could post the link when SymWise is back up that would be great. With these settings make sure we also check option in Encryption Server's consumer desktop policy for automatically encrypt boot disk and force single sign on password so encryption starts automatically.

Are the clients standalone, or managed by a Symantec Encryption Management Server? If it is not a managed environment, silent enrollment will not work. It is based on Active Directory Sync through the encryption management server and your AD structure for authentication. Is there a requirement that the laptops be encrypted and protected by preboot authentication during the 'storage' period? It may be possible to create a passphrase-only user to encrypt the drive to, then create a single-use Bootguard Authenticated Bypass user per the instructions here:.

There is no official method for deploying pre-encrypted systems from Symantec, but if you are using a management server, and don't require preboot authentication until a system is delivered to an end user, I would do the following:. Create two groups using AD Sync, and two policies on the server.

One should force users to use single sign on for authentication, and the other should Allow, but not force it. The second group should have permissions to encrypt the drive. After the initial reboot after installation, log onto the system with a member of the second group Allow SSO, has encryption permissions.

Encrypt the drive to a passphrase only user. This should also add any WDE Administrator user as set in the policy. When it is given to an end user, it should start up once without asking for a Bootguard authentication. When they log into Windows, it should detect that they are in the first group, and force them to be added to the drive as a user for authentication.

They should then be able to use Single Sign On without getting any prompts, etc. It definitely is not the most elegant solution, but I think it will accomplish what you are after. The product was designed to be implemented with the desired end user, not encrypted before distribution. Since the product is designed to encrypt per user, a user must be created before encryption can begin. I'll give this a try and I will post the results. It will probably take me a little while as I am new to the product :.