Symantec PGP Encryption

bypass using --aa via AutoExNT service on the workstation

    Posted Jun 06, 2011 07:50 PM

    Hi,

    We tend to deploy applications over the weekend, and as such we send magic wakeup packets to wake workstations and laptops up, and shutdown commands to put them to sleep again. We deploy applications via GPO. We do this so that come Monday morning, users do not need to wait for installation of applications (some taking 5-10 minutes) and can start work quickly. It also reduced HD calls (the atypical 'my PC is slow to startup this morning' etc.).

    Straightforward sort of stuff.

    With the firm now wanting to PGP WDE laptops and eventually desktops (totalling 1200 devices), the last thing we want on Monday morning is users starting their laptop/workstation, getting past the bootguard screen with their domain password and then waiting for Windows to deploy a bunch of software or updates etc.

    1.  It is a delay to the staff

    2.  The network and file servers will be flogged 8am Monday morning when this could have all been done Saturday etc., so the installation will be particularly slow.

     

    So enter the bypass option.

    I am aware that the following command will give a bypass token to bootguard upon reboot:

    pgpwde --disk 0 --add-bypass --aa

    This works a treat when I run it from a command line (and my AD account is a member of WDE-ADMIN).

     

    However, I'm trying to run it from the AutoExNT service (which in our environment runs under a specific AD account on each workstation), but the output from the command is as follows:

    Warning: PGPwde is running in restricted environment.
             Some features are disabled
    Operation add bypass failed:
    Error code -11975: feature not available

    The AD account that AutoExNT runs under IS a member of the WDE-ADMIN AD group. The AD account is also a member of local workstation administrators.

     

    So the question is: why can I run this command fine, but when executed as part of a script under AutoExNT it does not, with the above result?

    Also, has anyone successfully been able to get this to run in a workstation startup KIX script? The only output I can see is error levels (64 or 77 etc.). It would be handy to have a document that details what error level numbers mean (so far unable to find this information).

     

    Cheers