PGP Installation and Enrollment Process


The information below pertains to computers running the COMIS baseline. If you are using PGP on an LCOM computer that does not have the COMIS baseline on it, then the information on the UVM web page pertains to you. That web page can be found at https://www.uvm.edu/it/security/pgp

What is PGP?

Pretty Good Privacy (PGP) is data privacy and protection software that utilizes encryption and authentication to hide information. With PGP, a computer's hard disk can be encrypted to render it unreadable to unauthorized users without the encryption passphrase or a recovery token, even if the disk is removed from the computer. PGP Desktop is a suite of encryption applications from PGP Corporation.

 

What does PGP encrypt?

PGP encrypts every single bit of data on a hard disk, including not just files and programs, but also temporary files, file metadata, and the disk's empty space. Total encryption of the drive protects the data by rendering the contents of the disk unreadable to anyone who does not know the encryption passphrase, even if the disk drive is removed from the computer. Pre-boot authentication is also required so that your computer will not boot unless the correct passphrase is entered. PGP can also be used on flash drives and other media used to store or transport confidential information.

 

Why am I required to have PGP installed on my computer?

State and Federal regulations have prompted more stringent security policies at UVM requiring that all laptops be encrypted for data protection. An encrypted hard drive, used correctly, protects data from unauthorized access in the event of computer theft or loss. User knowledge of proper protection methods and safe computing practices, in conjunction with encryption technology, helps to ensure that data is guarded from accidental, unlawful or malicious use. University Policy will be forthcoming on this subject and can be found at http://www.uvm.edu/policies.

 

Do I need to know my UVM NetID password?

Yes. Your UVM NetID password is the same password that you would use to log onto PeopleSoft. It may not be the same as the password you use to log onto your COMIS account. If you do not know this password you will need to reset it prior to installing PGP. You can reset this password yourself by clicking on the “Reset a forgotten password” link on the UVM Network ID and Account Management website.

 

Will I have several passwords upon every login?

No. Once you have completed the initial enrollment process found in the Installation Instructions, you will be prompted for only one password to log on to your laptop. This is one of the features of PGP that is extremely advantageous over other encryption software. This feature of PGP is referred to as Single Sign-On.

 

What password will I use?

Once you have completed the initial enrollment process found in the Installation Instructions, you will enter your COMIS password at startup or logon screens. The first time you log on after installing PGP you will use your UVM NetID password. For each subsequent logon you will use your COMIS password.

 

What if I forget my password?

If you cannot remember your COMIS password, or your current password is not working for some reason, you will need to get a recovery token to access your data. Please contact the COMIS Help Desk at (802) 656-7300 or submit a Footprints entry if you need a recovery token to log onto your laptop.

 

What should I know about changing my password?

We recommend that your password change happens while your laptop is connected to the network. If you have changed your password through the web or on another COMIS computer, then you will have to use your old password one last time. Connect the laptop to the COMIS network, then log on with your old password to authenticate your laptop with the server and register the password change. You will use your new password upon next logon.

 

Where do I change my password?

We recommend that you change your password only on your COMIS laptop while it is connected to the network. Laptop users can change a password by pressing Ctrl, Alt, Delete on the laptop and choosing 'change password'. Please note that if you change your password through some other method, your laptop will not immediately recognize the change. You will need to connect your laptop, log on with your old password and then sign in with the changed password at the next logon.

 

Can I request that PGP be installed on my laptop?

Faculty and staff of the Larner College of Medicine who have University-owned laptops can install PGP on their machines.

 

Can PGP be installed on a desktop?

PGP can currently be installed only on University-owned desktops that are being used off campus. We are not currently licensed to install PGP on University-owned desktops that are being used on campus.

 

Where can I get PGP?

PGP Desktop can be downloaded from the UVM software download archive. PGP Desktop is also pre-installed on departmental laptop computers purchased from the UVM Computer Depot. It is available for Microsoft Windows and Macintosh Operating Systems.

 

How do I install PGP Desktop?

Installation instructions are available from COMIS on our website. If you need screen shots to walk you through the installation you can see them for Windows or Macintosh at UVM’s website.

 

What is PGP enrollment and who needs to enroll?

Only the laptop owner needs to enroll with PGP. PGP Enrollment registers the computer with the campus PGP server, where a backup of your encryption keys is made to prevent a complete lock-out from your data in the event of a forgotten passphrase or system failure. Encryption of the disk drive does not occur until successful enrollment has been completed.

 

Can other people use my laptop if I have PGP installed?

Yes. Once the laptop is turned on and the owner signs in upon startup, the machine can then be logged into by other COMIS users. They will be prompted with a PGP registration screen that they should ignore by choosing cancel. This registration screen will pop up every time they log into the laptop.

 

Can I enroll other people on my laptop?

Yes. Other NetID holders can be added as authorized accounts to log on to the PGP protected disk. Please follow the instructions located on the enrollment section of our webpage for further information.

 

Can I decrypt my machine?

No. Due to security policies all COMIS laptops with sensitive data must not be decrypted. If your machine needs to be decrypted for troubleshooting please contact the COMIS Help Desk at (802) 656-7300 or submit a Footprints entry.

 

Why does my system seem slower at times (will I notice a difference)?

Once enrolled, PGP Desktop will automatically begin the process of encrypting the disk drive. While you can still use your computer during this process, the computer may respond more slowly than usual to other tasks. Due to the increased disk activity, you may also notice a rise in the computer's internal heat and additional noise from the disk drive or cooling fans. This is normal behavior while the drive is being encrypted. Once fully encrypted, which may take several hours on drives with large amounts of storage space, computer behavior should return to normal.

 

Why isn’t my keyboard or mouse working when I start up the machine?

If you are using Bluetooth keyboards or mice you will need to change over to wired or wireless technology. Bluetooth is not recognized before the operating system loads and will not be acknowledged at the PGP login screen.

 

Can my computer go into sleep mode, hibernation mode or shut down while it is encrypting?

During the encryption process you may put your laptop into sleep or hibernation mode. Shutting down or restarting the computer at any time will not reset PGP's encryption progress. PGP will stop and resume encryption automatically as necessary until it finishes encrypting the entire disk drive.

 

What should I do if my laptop is stolen?

Call the local police. Then notify the COMIS Help Desk at (802) 656-7300.

 

Is my data safe if my laptop is stolen?

Yes, as long as your computer is off and your passphrase is unknown to the thief. Whole Disk Encryption (WDE) is the encryption of every single bit of data on a hard disk, including not just files and programs, but also temporary files, file metadata, and the disk's empty space. WDE's total encryption protects the data by rendering the contents of the disk unreadable to anyone who does not know the encryption passphrase, even if the disk drive is removed from the computer. WDE also requires pre-boot authentication, meaning your computer will not boot unless the correct passphrase is entered.

 

Where can I get more information on PGP?

PGP Corporation has user and quick-start guides as well as a searchable knowledgebase about PGP Desktop and cryptography in general. Additional information regarding PGP at the University of Vermont can be found on the UVM PGP website.

 

Who should I call if I have problems with PGP?

If you are a Larner College of Medicine user please call the Help Desk at (802) 656-7300 between the hours of 8am - 5pm, Monday through Friday. You may also stop into our offices at D104 Given or submit a Footprints entry.