Transcription
PGP Desktop 9.9 for WindowsUser's Guide
Version InformationPGP Desktop for Windows User's Guide. PGP Desktop Version 9.9.1. Released November 2008.Copyright InformationCopyright 1991–2008 by PGP Corporation. All Rights Reserved. No part of this document can be reproduced or transmitted in any form or by anymeans, electronic or mechanical, for any purpose, without the express written permission of PGP Corporation.Trademark InformationPGP, Pretty Good Privacy, and the PGP logo are registered trademarks of PGP Corporation in the US and other countries. IDEA is a trademark ofAscom Tech AG. Windows and ActiveX are registered trademarks of Microsoft Corporation. AOL is a registered trademark, and AOL InstantMessenger is a trademark, of America Online, Inc. Red Hat and Red Hat Linux are trademarks or registered trademarks of Red Hat, Inc. Linux is aregistered trademark of Linus Torvalds. Solaris is a trademark or registered trademark of Sun Microsystems, Inc. AIX is a trademark or registeredtrademark of International Business Machines Corporation. HP-UX is a trademark or registered trademark of Hewlett-Packard Company. SSH andSecure Shell are trademarks of SSH Communications Security, Inc. Rendezvous and Mac OS X are trademarks or registered trademarks of AppleComputer, Inc. All other registered and unregistered trademarks in this document are the sole property of their respective owners.Licensing and Patent InformationThe IDEA cryptographic cipher described in U.S. patent number 5,214,703 is licensed from Ascom Tech AG. The CAST-128 encryption algorithm,implemented from RFC 2144, is available worldwide on a royalty-free basis for commercial and non-commercial uses. PGP Corporation has secured alicense to the patent rights contained in the patent application Serial Number 10/655,563 by The Regents of the University of California, entitled BlockCipher Mode of Operation for Constructing a Wide-blocksize block Cipher from a Conventional Block Cipher. Some third-party software included in PGPUniversal Server is licensed under the GNU General Public License (GPL). PGP Universal Server as a whole is not licensed under the GPL. If you wouldlike a copy of the source code for the GPL software included in PGP Universal Server, contact PGP Support (https://pgp.custhelp.com). PGPCorporation may have patents and/or pending patent applications covering subject matter in this software or its documentation; the furnishing of thissoftware or documentation does not give you any license to these patents.AcknowledgmentsThis product includes or may include: The Zip and ZLib compression code, created by Mark Adler and Jean-Loup Gailly, is used with permission from the free Info-ZIP implementation,developed by zlib (http://www.zlib.net). Libxml2, the XML C parser and toolkit developed for the Gnome project and distributed and copyrightedunder the MIT License found at l. Copyright 2007 by the Open Source Initiative. bzip2 1.0, afreely available high-quality data compressor, is copyrighted by Julian Seward, 1996-2005. Application server (http://jakarta.apache.org/), webserver (http://www.apache.org/), Jakarta Commons (http://jakarta.apache.org/commons/license.html) and log4j, a Java-based library used to parseHTML, developed by the Apache Software Foundation. The license is at www.apache.org/licenses/LICENSE-2.0.txt. Castor, an open-source, databinding framework for moving data from XML to Java programming language objects and from Java to databases, is released by the ExoLab Groupunder an Apache 2.0-style license, available at http://www.castor.org/license.html. Xalan, an open-source software library from the Apache SoftwareFoundation that implements the XSLT XML transformation language and the XPath XML query language, is released under the Apache SoftwareLicense, version 1.1, available at http://xml.apache.org/xalan-j/#license1.1. Apache Axis is an implementation of the SOAP ("Simple Object AccessProtocol") used for communications between various PGP products is provided under the Apache license found athttp://www.apache.org/licenses/LICENSE-2.0.txt. mx4j, an open-source implementation of the Java Management Extensions (JMX), is releasedunder an Apache-style license, available at http://mx4j.sourceforge.net/docs/ch01s06.html. jpeglib version 6a is based in part on the work of theIndependent JPEG Group. (http://www.ijg.org/) libxslt the XSLT C library developed for the GNOME project and used for XML transformations isdistributed under the MIT License l. PCRE version 4.5 Perl regular expression compiler,copyrighted and distributed by University of Cambridge. 1997-2006. The license agreement is at http://www.pcre.org/license.txt. BIND BalancedBinary Tree Library and Domain Name System (DNS) protocols developed and copyrighted by Internet Systems Consortium, Inc. (http://www.isc.org) Free BSD implementation of daemon developed by The FreeBSD Project, 1994-2006. Simple Network Management Protocol Library developedand copyrighted by Carnegie Mellon University 1989, 1991, 1992, Networks Associates Technology, Inc, 2001- 2003, Cambridge Broadband Ltd. 2001- 2003, Sun Microsystems, Inc., 2003, Sparta, Inc, 2003-2006, Cisco, Inc and Information Network Center of Beijing University of Postsand Telecommunications, 2004. The license agreement for these is at . NTP version 4.2developed by Network Time Protocol and copyrighted to various contributors. Lightweight Directory Access Protocol developed and copyrighted byOpenLDAP Foundation. OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP). Copyright 1999-2003,The OpenLDAP Foundation. The license agreement is at tml. Secure shell OpenSSH version 4.2.1developed by OpenBSD project is released by the OpenBSD Project under a BSD-style license, available at http://www.openbsd.org/cgi bin/cvsweb/src/usr.bin/ssh/LICENCE?rev HEAD. PC/SC Lite is a free implementation of PC/SC, a specification for SmartCard integration is releasedunder the BSD license. Postfix, an open source mail transfer agent (MTA), is released under the IBM Public License 1.0, available athttp://www.opensource.org/licenses/ibmpl.php. PostgreSQL, a free software object-relational database management system, is released under aBSD-style license, available at http://www.postgresql.org/about/licence. PostgreSQL JDBC driver, a free Java program used to connect to aPostgreSQL database using standard, database independent Java code, (c) 1997-2005, PostgreSQL Global Development Group, is released under aBSD-style license, available at http://jdbc.postgresql.org/license.html. PostgreSQL Regular Expression Library, a free software object-relationaldatabase management system, is released under a BSD-style license, available at http://www.postgresql.org/about/licence. 21.vixie-cron is the Vixieversion of cron, a standard UNIX daemon that runs specified programs at scheduled times. Copyright 1993, 1994 by Paul Vixie; used by permission. JacORB, a Java object used to facilitate communication between processes written in Java and the data layer, is open source licensed under theGNU Library General Public License (LGPL) available at http://www.jacorb.org/lgpl.html. Copyright 2006 The JacORB Project. TAO (The ACE ORB)is an open-source implementation of a CORBA Object Request Broker (ORB), and is used for communication between processes written in C/C andthe data layer. Copyright (c) 1993-2006 by Douglas C. Schmidt and his research group at Washington University, University of California, Irvine, andVanderbilt University. The open source software license is available at http://www.cs.wustl.edu/ schmidt/ACE-copying.html. libcURL, a library fordownloading files via common network services, is open source software provided under a MIT/X derivate license available athttp://curl.haxx.se/docs/copyright.html. Copyright (c) 1996 - 2007, Daniel Stenberg. libuuid, a library used to generate unique identifiers, is releasedunder a BSD-style license, available at ib/uuid/COPYING. Copyright (C) 1996, 1997 Theodore Ts'o. libpopt, a library that parses command line options, is released under the terms of the GNU Free Documentation License available athttp://directory.fsf.org/libs/COPYING.DOC. Copyright 2000-2003 Free Software Foundation, Inc. gSOAP, a development tool for Windows clientsto communicate with the Intel Corporation AMT chipset on a motherboard, is distributed under the GNU Public License, available at
http://www.cs.fsu.edu/ engelen/soaplicense.html. Windows Template Library (WTL) is used for developing user interface components and isdistributed under the Common Public License v1.0 found at http://opensource.org/licenses/cpl1.0.php. The Perl Kit provides several independentutilities used to automate a variety of maintenance functions and is provided under the Perl Artistic License, found .html. rEFIt - libeg, provides a graphical interface library for EFI, including image rendering, textrendering, and alpha blending, and is distributed under the license found t*/refit/trunk/refit/LICENSE.txt?revision 288. Copyright (c) 2006 Christoph Pfisterer. All rightsreserved.Export InformationExport of this software and documentation may be subject to compliance with the rules and regulations promulgated from time to time by the Bureauof Export Administration, United States Department of Commerce, which restricts the export and re-export of certain products and technical data.LimitationsThe software provided with this documentation is licensed to you for your individual use under the terms of the End User License Agreement providedwith the software. The information in this document is subject to change without notice. PGP Corporation does not warrant that the information meetsyour requirements or that the information is free of errors. The information may include technical inaccuracies or typographical errors. Changes may bemade to the information and incorporated in new editions of this document, if and when made available by PGP Corporation.4
ContentsAbout PGP Desktop 9.9 for Windows1What's New in PGP Desktop for Windows Version 9.9Using this Guide“Managed” versus “Unmanaged” UsersConventions Used in This GuideWho Should Read This DocumentAbout PGP Desktop LicensingChecking License DetailsIf Your License has ExpiredGetting AssistanceGetting product informationContacting Technical SupportPGP Desktop Basics1456667910101013PGP Desktop TerminologyPGP Product ComponentsTerms Used in PGP DesktopConventional and Public Key CryptographyLearning More About CryptographyUsing PGP Desktop for the First Time131314161717Installing PGP Desktop21Before You InstallSystem RequirementsCitrix and Terminal Services CompatibilityInstalling and Configuring PGP DesktopInstalling the SoftwareUpgrading the SoftwareUpgrading From Standalone to Managed PGP Desktop BuildsRunning the Setup AssistantUninstalling PGP DesktopMoving Your PGP Desktop Installation From One Computer to Another2121222222232424242527The PGP Desktop User InterfaceAccessing PGP Desktop FeaturesThe PGP Desktop Main ScreenUsing the PGP Tray IconUsing Shortcut Menus in Windows ExplorerUsing the Start Menui2728293133
PGP Desktop 9.9 for WindowsContentsPGP Desktop Notifier alertsPGP Desktop Notifier for MessagingPGP Desktop Notifier for Disk featuresEnabling or Disabling NotifiersViewing the PGP Log3333373839Working with PGP Keys43Viewing KeysCreating a KeypairPasswords and PassphrasesProtecting Your Private KeyProtecting Keys and KeyringsBacking up Your Private KeyWhat if You Lose Your Key?Distributing Your Public KeyPlacing Your Public Key on a KeyserverIncluding Your Public Key in an Email MessageExporting Your Public Key to a FileCopying from a Smart Card Directly to Someone’s KeyringGetting the Public Keys of OthersGetting Public Keys from a KeyserverGetting Public Keys from Email MessagesWorking with KeyserversUsing Master KeysAdding Keys to the Master Key ListDeleting Keys from the Master Key ListManaging PGP ing and Setting Key PropertiesAdding and Removing Photographic IDsManaging User Names and Email Addresses on a KeyImporting Keys and X.509 CertificatesUsing the Import Certificate AssistantChanging Your PassphraseDeleting Keys, User IDs, and SignaturesDisabling and Enabling Public KeysVerifying a Public KeySigning a Public KeyRevoking Your Signature from a Public KeyGranting Trust for Key ValidationsWorking with SubkeysUsing Separate SubkeysViewing SubkeysCreating New SubkeysRevoking SubkeysRemoving Subkeysii596061626364666667687070717273747575
PGP Desktop 9.9 for WindowsContentsWorking with ADKsAdding an ADK to a KeypairUpdating an ADKRemoving an ADKWorking with RevokersAppointing a Designated RevokerRevoking a KeySplitting and Rejoining KeysCreating a Split KeyRejoining Split KeysIf You Lost Your Key or PassphraseReconstructing Keys with PGP UniversalReconstructing Keys in a Standalone InstallationResetting Your PassphraseProtecting Your KeysSecuring Email Messages76767777777878797980828284888991How PGP Desktop Secures Email MessagesIncoming MessagesOutgoing MessagesUsing Offline PolicyServices and PoliciesViewing Services and PoliciesCreating a New Messaging ServiceEditing Messaging Service PropertiesDisabling or Enabling a ServiceDeleting a ServiceMultiple ServicesTroubleshooting PGP Messaging ServicesCreating a New Security PolicyRegular Expressions in PoliciesSecurity Policy Information and ExamplesWorking with the Security Policy ListEditing a Security PolicyEditing a Mailing List PolicyDeleting a Security PolicyChanging the Order of Policies in the ListPGP Desktop and SSLKey ModesDetermining Key ModeChanging Key ModeViewing the PGP LogSecuring Instant 113114118118119121122122124127About PGP Desktop’s Instant Messaging CompatibilityInstant Messaging Client Compatibilityiii127128
PGP Desktop 9.9 for WindowsContentsAbout the Keys Used for EncryptionEncrypting your IM Sessions129129Protecting Disks with PGP Whole Disk EncryptionAbout PGP Whole Disk EncryptionHow does PGP WDE Differ from PGP Virtual Disk?Licensing PGP Whole Disk EncryptionLicense ExpirationPrepare Your Disk for EncryptionSupported Disk TypesSupported KeyboardsEnsure Disk Health Before EncryptionCreating Recovery DisksCalculate the Encryption DurationMaintain Power Throughout EncryptionRun a Pilot Test to Ensure Software CompatibilityDetermining the Authentication Method for the DiskPassphrase and Single Sign-On AuthenticationPublic Key AuthenticationToken-Based AuthenticationTwo-Factor Authentication Using a USB Flash DeviceTrusted Platform Module (TPM) AuthenticationSetting Encryption OptionsPartition-Level EncryptionPreparing a Smart Card or Token to Use For AuthenticationUsing PGP Whole Disk Encryption OptionsEncrypting a Disk or PartitionSupported Characters for PGP WDE PassphrasesEncrypting the DiskEncountering Disk Errors During EncryptionUsing a PGP WDE-Encrypted DiskAuthenticating at the PGP BootGuard ScreenSelecting Keyboard LayoutsUsing PGP WDE Single Sign-OnPrerequisites for Using Single Sign-OnEncrypting the Disk to Use Single Sign-OnMultiple Users and Single Sign-OnLogging in with Single Sign-OnChanging Your Passphrase With Single Sign-OnDisplaying the Windows Login dialog boxMaintaining the Security of Your DiskGetting Disk or Partition InformationUsing the Bypass FeatureAdding Other Users to an Encrypted Disk or PartitionDeleting Users From an Encrypted Disk or PartitionChanging User PassphrasesRe-Encrypting an Encrypted Disk or 1163164164165165165166166166168168169169171
PGP Desktop 9.9 for WindowsContentsBacking Up and Restoring172Uninstalling PGP Desktop from Encrypted Disks or Partitions172Working with Removable Disks172Encrypting Removable Disks173Using Locked (Read-Only) Disks as Read-Only174Moving Removable Disks to Other Systems175Reformatting an Encrypted Removable Disk175Using PGP WDE in a PGP Universal Server-Managed Environment176PGP Whole Disk Encryption Administration176Creating a Recovery Token177Using a Recovery Token178Recovering Data From an Encrypted Drive178Decrypting a PGP WDE-Encrypted Disk179Special Security Precautions Taken by PGP Desktop181Passphrase Erasure182Virtual Memory Protection182Hibernation vs Standby182Memory Static Ion Migration Protection182Other Security Considerations183Using the Windows Preinstallation Environment183Using PGP Whole Disk Encryption with IBM Lenovo ThinkPad Systems184Using PGP Whole Disk Encryption with the Microsoft Windows XP Recovery Console185Using PGP Virtual Disks187About PGP Virtual DisksCreating a New PGP Virtual DiskViewing the Properties of a PGP Virtual DiskFinding PGP Virtual DisksUsing a Mounted PGP Virtual DiskMounting a PGP Virtual DiskUnmounting a PGP Virtual DiskCompacting a PGP Virtual DiskRe-Encrypting PGP Virtual DisksWorking with Alternate UsersAdding Alternate User Accounts to a PGP Virtual DiskDeleting Alternate User Accounts from a PGP Virtual DiskDisabling and Enabling Alternate User AccountsChanging Read/Write and Read-Only StatusGranting Administrator Status to an Alternate UserChanging User PassphrasesDeleting PGP Virtual DisksMaintaining PGP Virtual DisksMounting PGP Virtual Disk Volumes on a Remote ServerBacking up PGP Virtual Disk VolumesExchanging PGP Virtual 8199199200200200201
PGP Desktop 9.9 for WindowsContentsThe PGP Virtual Disk Encryption AlgorithmsSpecial Security Precautions Taken by PGP Virtual DiskPassphrase ErasureVirtual Memory ProtectionHibernationMemory Static Ion Migration ProtectionOther Security ConsiderationsUsing PGP NetShare202202203203203203204205About PGP NetSharePGP NetShare RolesLicensing PGP NetShareAuthorized User KeysEstablishing a PGP NetShare Admin (Owner)"Blacklisted" and "Whitelisted" Files, Folders, and Applications“Blacklisted” and Other Files You Cannot Protect"Blacklisted" and "Whitelisted" Folders Specified by PGP Universal ServerApplication-based Encryption and Decryption Bypass ListsWorking with Protected FoldersChoosing the Location for a Protected FolderCreating a New PGP NetShare Protected FolderUsing Files in a PGP NetShare Protected FolderUnlocking a Protected FolderDetermining the Files in a Protected FolderAdding Subfolders to a Protected FolderChecking Folder StatusCopying Protected Folders to Other LocationsWorking with PGP NetShare UsersAdding a PGP NetShare UserChanging a User's RoleDeleting a User from a Protected FolderImporting PGP NetShare Access ListsWorking with Active Directory GroupsSetting up PGP NetShare to Work with GroupsRefreshing GroupsRemoving a FolderRe-Encrypting a FolderClearing a PassphraseProtecting Files Outside of a Protected FolderBacking Up PGP NetShare-Protected FilesAccessing PGP NetShare Features using the Shortcut MenuPGP NetShare in a PGP Universal Server-managed EnvironmentAccessing the Properties of a Protected File or FolderUsing the PGP NetShare Menus in PGP DesktopThe File MenuThe Edit MenuThe NetShare 36236238239239239239
PGP Desktop 9.9 for WindowsContentsUsing PGP Zip241OverviewCreating PGP Zip ArchivesEncrypting to Recipient KeysEncrypting with a PassphraseCreating a PGP Self-Decrypting Archive (SDA)Creating a Sign Only ArchiveOpening a PGP Zip ArchiveOpening a PGP Zip SDAEditing a PGP Zip ArchiveVerifying Signed PGP Zip ArchivesShredding Files with PGP Shredder241242246250254257260260261263265Using PGP Shredder to Permanently Delete Files and FoldersShredding Files using the PGP Shredder Icon on Your DesktopShredding Files From Within PGP DesktopShredding Files in Windows ExplorerUsing the PGP Shred Free Space AssistantScheduling Free Space ShreddingStoring Keys on Smart Cards and TokensAbout Smart Cards and TokensCompatible Smart CardsRecognizing Smart CardsExamining Smart Card PropertiesGenerating a PGP Keypair on a Smart CardCopying your Public Key from a Smart Card to a KeyringCopying a Keypair from Your Keyring to a Smart CardWiping Keys from Your Smart CardUsing Multiple Smart CardsSpecial-Use TokensConfiguring the Aladdin eTokenSetting PGP Desktop 79279280280283Accessing the PGP Options dialog boxGeneral OptionsKeys OptionsMaster Keys OptionsMessaging OptionsProxy Options283284286289289292vii
PGP Desktop 9.9 for WindowsContentsPGP NetShare OptionsDisk OptionsNotifier OptionsAdvanced Options296297300301Working with Passwords and PassphrasesChoosing whether to use a password or passphraseThe Passphrase Quality BarCreating Strong PassphrasesWhat if You Forget Your Passphrase?Using PGP Desktop with PGP Universal ServerOverviewFor PGP Administrators305305306307309311311312Messaging with Lotus Notes and MAPI315About Lotus Notes and MAPI CompatibilityUsing PGP Desktop with Lotus NotesSending email to recipients inside your Lotus Notes organizationSending email to recipients outside your Lotus Notes organizationBinding to a Universal ServerPre-BindingManual BindingNotes AddressesNotes Client SettingsThe Notes.ini Configuration FileIndex315315316316317317317318318319321viii
1About PGP Desktop 9.9 forWindowsPGP Desktop is a security tool that uses cryptography to protect your dataagainst unauthorized access.PGP Desktop protects your data while being sent by email or by instantmessaging (IM). It lets you encrypt your entire hard drive or hard drive partition(on Windows systems)—so everything is protected all the time—or just aportion of your hard drive, via a virtual disk on which you can securely store yourmost sensitive data. You can use it to share your files and folders securely withothers over a network. It lets you put any combination of files and folders intoan encrypted, compressed package for easy distribution or backup. Finally, usePGP Desktop to shred (securely delete) sensitive files—so that no one canretrieve them—and shred free space on your hard drive, so there are nounsecured remains of any files.Use PGP Desktop to create PGP keypairs and manage both your personalkeypairs and the public keys of others.To make the most of PGP Desktop, you should be familiar with PGP DesktopTerminology (on page 13). You should also understand conventional and publickey cryptography, as described in Conventional and Public Key Cryptography (onpage 16).In This ChapterWhat's New in PGP Desktop for Windows Version 9.9. 1Using this Guide . 4Who Should Read This Document . 6About PGP Desktop Licensing . 6If Your License has Expired . 9Getting Assistance . 10What's New in PGP Desktop for Windows Version 9.9Building on PGP Corporation’s proven technology, PGP Desktop 9.9 forWindows includes numerous improvements and the following new andresolved features.1
PGP Desktop 9.9 for WindowsAbout PGP Desktop 9.9 for WindowsChanges between PGP Desktop version 9.9.0 and 9.9.1 Full support for French-French keyboards for PGP Whole Disk Encryption.Characters allowed when creating and enter passphrases on Frenchkeyboards are:à ä ã â ç é è ê ë î ï ì ñ ô ö õ ò û ù ü ÿ (both lowercaseand uppercase) µ (degree symbol), (generic currency sign), § (section sign),superscript 2 For a list of other changes in this release, see the resolved issues section,below.What's New in PGP Desktop for Windows version 9.9.0General User Interface Modifications for ADA Compliance. Compliance with theAmericans with Disabilities Act (ADA) standards for accessible designcontinues to improve in this release. PGP Universal Server now provideskeyboard equivalents for all actions in PGP Universal Web Messenger andPGP Verified Directory web pages. The PDF documentation for all PGPproducts in this release is tagged to facilitate reading and navigation of thedocumentation by users of assistive technology. PGP NetShare for Multi-user Environments. PGP NetShare is nowcompatible with certain Microsoft Terminal Services and Citrix PresentationServer environments. PGP NetShare Application Encryption Policy. PGP NetShare nowextends managed support to provide policy-based encryption byapplication. An example of this feature would be to configure all users inthe Finance department so that all documents created with Microsoft Excelare encrypted with PGP NetShare automatically, while the Microsoft Worddocuments created by users in the Legal department are protected.PGP NetSharePGP Whole Disk Encryption PGP WDE BootGuard Lockout. PGP Universal Server now enables theadministrator to enforce a PGP WDE BootGuard Lockout. PGP BootGuardlocks access to the system after the user exceeds the maximum numberof permitted failed authentication attempts. PGP WDE Advanced Bad Sector Management. In managedenvironments, when PGP Whole Disk Encryption encounters bad disksectors during encryption, it silently logs the event, continues encryptingthe disk, and informs the PGP Universal Server of the bad sector. Forinformation on PGP WDE best practices for disk preparation, see the PGPDesktop User’s Guide.2
PGP Desktop 9.9 for WindowsAbout PGP Desktop 9.9 for Windows Enhanced PGP WDE Policy. Administrators now have fine-grained controlof end-user PGP Whole Disk Encryption permissions. For example, anAdministrator can now manage boot disk functions separately fromremovable disk functions by preventing the decryption of boot disks, whileallowing the encryption and decryption of removable disks. Computer Name on PGP BootGuard Screen. The computer name and ID(as specified in the System Properties dialog box) can now be displayed onthe PGP BootGuard screen, so the system's user can easily identify whatspecific computer is being used. With the user now able to communicatethis information, a PGP Universal Server administrator or helpdesk agentcan easily provide the correct WDRT to the user. Extended Keyboard Support. PGP Whole Disk Encryption has expandedsupport to the following regional keyboards: Belgian Bosnian, Croatian, Serbian and Slovenian Canadian Multilingual Standard Chinese Simplified (China/Singapore) Chinese Traditional (Hong Kong/Taiwan) Czech (QWERTY) Danish Dutch English English (US-International) Estonian Finnish French French Canadian German German (Germany/Austria) German (Switzerland) Hungarian Icelandic Irish Italian Japanese Korean Norwegian3
PGP Desktop 9.9 for WindowsAbout PGP Desktop 9.9 for Windows Polish Portuguese (Brazil) Portuguese (Portugal) Romanian Spanish (Spain) Spanish (Latin America) Spanish Variation Swedish Swiss French Enhanced Key Handling. Improvements have been made to ensure thatkey material is securely wiped at shutdown in all cases. Offline Policy controls. Administrators can now enforce policy for offlineusers by controlling what happens to email when the PGP Universal Servercannot be reached by PGP Desktop. Options include blocking outboundmessages, sending outbound messages in the clear, or allowing users tofollow locally defined policy. A PGP Notifier-like window can optionally bepresented, informing the user that policy could not be executed, and askingif the user would like to send the message unsecured. Any use of clientoffline bypass is logged to PGP Universal Server.PGP MessagingPGP Universal Server Logging Rich Client Policy Logging. PGP Universal Server now logs a variety ofinformation about the client's receipt and use of downloaded policy. Thisinformation also includes the list of enabled PGP Desktop modules, licenseinformation for the client, and PGP NetShare folder encryption processingpreferences (that is, specified white lists and black lists for the client). Enhanced Centralized Event Logging. PGP Universal Server providesexpanded reporting on PGP Whole Disk Encryption usage on clientsystems. Information now provided includes the user name and primaryemail address associated with the system, the last access by the user, theversion of PGP Desktop in use, and other system-specific information.Using this GuideThis Guide provides information on configuring and using the componentswithin PGP Desktop. Each chapter of the guide is devoted to one of thecomponents of PGP Desktop.4
PGP Desktop 9.9 for WindowsAbout PGP Desktop 9.9 for Windows“Managed” versus “Unmanaged” UsersA PGP Universal Server can be used to control the policies and settings used bycomponents of PGP Desktop. This is often the case in enterprises using PGPsoftware. PGP Desktop users in this configuration are known as managedusers, because the settings and policies available in their PGP Desktop softwareare pre-configured by a PGP administrator and managed using a PGP UniversalServer. If you are part of a managed environment, your company may havespecific usage requirements. For example, managed users may or may not beallowed to send plaintext email, or may be required to encrypt their disk withPGP Whole Disk Encryption.Users not under the control of a PGP Universal Server are called unmanaged orstandalone users.This document describes how PGP Desktop works in both situations; however,managed users may discover while wo
Windows PGP Desktop 1
