Yale University

About ITS

Yale ITS HomeSoftware

Gateways for:

Help Desk
203.432.9000

ITS Office
Yale University
25 Science Park
P.O. Box 208276
New Haven, CT
06520-8276
USA

Yale logo.

Whole disk encryption service – FAQs

Most asked questions

General questions

Mac OS FAQ

Windows OS FAQ

Installation and troubleshooting FAQ

I get the following error message: "The user account you have entered has been disabled on the PGP universal server. Contact your security administrator for more information". What does it mean and what should I do?

The individual attempting enrollment has not been authorized or approved for use of the Data Encryption Service (PGP). Please complete the encryption service request form.

I have to change my NetID password; will this affect my use of PGP?

No, the first time you reboot your machine after changing your NetID password you will have to
enter your old NetId password in the PGP Bootguard screen, you will then be prompted with the
Windows login, where you will need to enter you new NetId password. After your device
communicates with the PGP universal Server the passwords will synchronize and subsequent
reboots and logins will only require one password.

During enrollment I get an "Unable to enroll", what does this mean?

The person attempting to enroll is not an authorized user of the service; please verify they have submitted a Data Encryption request form.

Why can’t I log into the PGP BootGuard Screen after changing my Netid password?

You will need to use your old NetID password at the PGP BootGuard screen.

Upon successful login into the PGP BootGuard screen, you will be presented with the standard windows login screen. You then login with your new NetID password. Upon successful login, PGP will synchronize your passwords.

Do I need to have whole disk encryption software installed?

Not everyone who has sensitive data should install desktop encryption software. The first step is knowing what data you have, and what levels of protection are required to keep the data safe.

Guidelines for handling confidential information:

  1. Delete
    Delete the files or securely archive confidential data that you do not need and that you do not have a legal obligation to preserve.
  2. De-identify
    If you must preserve the files, but the files no longer need to include confidential numbers, delete those numbers from the files. This process is called “de-identification,” and uncouples confidential numbers from other personal identifying information, such as names and addresses.
  3. Encrypt
    If you believe that you must retain files with the confidential information in place, you must obtain permission to do so from your supervisor. Examples of information include Social Security numbers, credit card numbers, trade secrets, medical records, disciplinary records, grades for assignments and courses, salary records, and tax records. Get explicit approval from your supervisor before considering any data encryption procedure.

Can I install PGP myself?

No. The PGP installation requires assistance by a trained technician.

I use the built-in Macintosh or Windows encryption. Can I continue using it instead?

Encryption built into Macintosh or Windows is generally not as comprehensive or easy to manage as the PGP encryption that ITS uses. We strongly recommend you use the ITS-managed PGP encryption per the University Endorsed Encryption Implementation Procedure.

Does PGP Whole Disk Encryption affect how I use any of my applications?

No. While you are logged in to your system, all applications, including email and other network software, run unaffected. The encryption/decryption is entirely transparent to application activity.

I have an older version of PGP installed, do I need to upgrade?     

Yes.  The old PGP Universal is being decommissioned.                                                                                   

Can I use my old PGP key in the new version?

No. The new version of PGP will only allow SCKM keys. The older version uses multiple keys that are not compatible with SCKM keys.  You can backup your private keys, import them, and store them locally for anything you may have encrypted with those keys, but going forward you will need to use the new key generated when enrolling with the new version.

I'm a Windows 64-bit user, can I use PGP Whole Disk Encryption?

Yes. PGP does support 64-bit versions of Windows XP and Windows Vista.

I'm a Macintosh OS X user, can I use PGP Whole Disk Encryption?                

Yes. However, PGP Whole Disk Encryption is only supported on Intel Macintosh devices.

Do Macintosh machines use Single Sign-on (SSO) as well?

No.  By default Macintosh machines are not tied to the Yale Active Directory, so you will have two passwords,  The PGP bootguard password and the machine login password.

How long will I have to be without my computer?

The process usually takes anywhere from 4-10 hours depending on the hardware and the amount and complexity of the data on the drive. The preferred method is to begin the process before you leave for the day and return the next morning.  You will not be able to use your device during this time.

Why does the process take so long?

To ensure that we minimize risk associated with software and hardware failures, we follow a vendor recommended process that includes: backing up your hard drive, checking the drive for defects, defragmenting the data on the drive, and finally encrypting the drive.

Will anything function differently?

Yes. When you boot the system, you will notice a PGP login screen where you enter your strong password. Once you are authenticated to the machine, you will be automatically logged into the operating system.

Deleting files on your computer may take a small amount of time longer because the software helps to ensure that the files are completely removed by wiping the hard drive space where the files were stored (commonly referred to as a scrubber or shredder). 

PGP also gives the ability to create encrypted ZIP files.

Will my computer be slower once it‘s encrypted?

Sometimes there is a (3% or less) reduction in computer speed. In general, this is unnoticeable on all but very old (more than 3 years) laptops.

If my hard drive is encrypted, will others have to decrypt files I send to them?

No. Your files will not be impacted as you transfer them in and out of Windows. The only time that encryption may become an issue is when you use PGP Zip files (as they are encrypted with the PGP software). Instructions are available

I store confidential data on my USB thumb drive and external hard drive. Can I encrypt my USB thumb drive or external hard drive using PGP?

Yes you can use PGP to encrypt most types of external hard drives and thumb drives. You will not be able to use the encrypted thumb drive or hard drive on a computer that doesn‘t have PGP installed on it.

Can I use a password on my USB thumb drive and external hard driveinstead of encrypting the drive with my private key?

Yes. This is an easier approach then using your private key to encrypt the drive, but it is considered to be “less” secure than public key encryption.

What if I need to let someone else use my computer? 

Additional users must be added to the list of PGP users.  Also, the user must login through the PGP software while the machine is online so their information may be properly stored and verified using the PGP key server.

My department has a shared laptop, how can everyone access it?  

Each person who will need to use the machine will need an account within the PGP software.

What is a PGP pass phrase?

In the process of installing and encrypting the entire PC disk, one or more pass phrases need to be set up to allow the machine to be booted. These phrases are set by the user during the encryption process. This is not the same thing as a Windows password when you use single sign on mode with PGP.

Do I have to remember a new passphrase in addition to my Windows login password?

No. The PGP Whole Disk Encryption login process replaces the need for you to log into Windows when
you turn on your computer, and your Windows and PGP Whole Disk Encryption passphrases are the
same. In the event you need to change your Windows password, or visa versa, PGP Whole Disk Encryption automatically synchronizes the passphrases in the background.

What happens if I forget my PGP Whole Disk Encryption passphrase?

If you forget your passphrase,

  1. Complete the PIN/Password request form.
  2. Contact the ITS Help Desk at 203-432-9000.
    Help Desk staff can issue a one-time-use recovery passphrase to you, which you can type in to regain access to your system. You should then immediately reset your passphrase according to the University’s password security guidelines.

Can I use PGP Whole Disk Encryption to encrypt removable media?        

It depends. Whole Disk Encryption should not be used for floppies, CDs, and DVDs. It can be used on USB drives.

Does the ITS backup service work with PGP?

Yes.  In fact, having an ITS backup account and a successful backup is mandatory prior to installing PGP.

Where can I get the PGP Whole Disk Encryption installation or user guides? 

All instructions and documentation can be found on the Data encryption service website.

Can I still put my PGP Whole Disk Encryption–protected laptop into hibernation or standby
modes?

Yes.  PGP Whole Disk Encryption supports Windows hibernation and standby modes. When you bring
your system out of hibernation, PGP Whole Disk Encryption will require you to authenticate before you
can access Windows.

Can I use Ghost to image a machine that has PGP WDE installed on it?    

No.

What else can I do to help prevent a data security breach?

  • Protect your computer from physical loss or theft at all times. Take reasonable steps to limit physical access to your computer hardware as well as your computer data.
  • Do not write down your PGP Whole Disk Encryption passphrase—anywhere.
  • Do not transfer university data to non-university systems or removable storage devices (i.e., CDs, USB drives, etc). Unless otherwise identified, all information shall be assumed to be of “internal use only.”
  • Laptops and Tablet PCs will receive operating system and virus protection updates when connected to the Yale University network via an ethernet cable or a wireless connection. Weekly, at a minimum, your laptop should be connected to the Yale University network to receive these updates.
  • Beware of links sent to you in chat sessions or posted on web sites. Be cautious when viewing email attachments.
  • Use strong passwords and change your passwords often.
  • Staff members are expected to maintain confidentiality of university internal use and confidential data.

Who do I contact with questions or for assistance?

For further information about the rollout and use of PGP Whole Disk Encryption, please contact the ITS Help Desk at 203-432-9000 or helpdesk@yale.edu

Jump to top.

Last modified: Friday, 17-Sep-2010 11:03:07 EDT. (jj)