This article describes how to disable the auto-login feature to Windows, but still allow PGP Whole Disk Encryption to utilize the SSO functionality.
Note: This article applies to PGP Desktop 9.7 and above running on Windows 2000, Windows XP, Windows Vista, and Windows 7. Windows 7 is supported on PGP Desktop 9.12 and above.
PGP Whole Disk Encryption version 10.2.2599 (MP5) through 10.2.1.4461 does not support the ability to disable auto-logon functionality. This issue has been resolved in 10.2.1.4869 (MP2) and above.
PGP Whole Disk Encryption
Single Sign-On allows you to synchronize your Windows password with your PGP Whole Disk Encryption passphrase. Then, at boot time, the PGP Whole Disk Encryption Single Sign-On feature automatically logs in to the Windows session for you.
The auto-login functionality of the PGP Single Sign-On feature can be disabled by adding a new registry entry to Windows.
Use the following steps to disable the PGP Single Sign-On auto-login functionality:
Warning: Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer. For more information on backing up the registry see the following article on the Microsoft support site: How to back up and restore the registry
Windows 32-bit and 64-bit:
***NOTE*** Entering the below registry fix in Wow6432node will not work. Please use the registry path as specified below:
- Open the Windows Registry Editor Windows XP (Start>Run>regedit) / Windows Vista & 7 (Start > Search programs and files > regedit.)
- Browse to the following location HKEY_LOCAL_MACHINE>SOFTWARE>PGP Corporation>PGP.
- Right-click within the PGP folder and click New.
- Select String Value, and name the string DISABLEWDESSO.
- Right click the string and select Modify.
- In the Value Data field, enter a value of 1 and click OK.
- Close the Windows Registry Editor.
Once the system is rebooted, the user experience is as follows:
1. User is presented with the PGP BootGuard Screen.
2. User enters the passphrase and presses enter to boot.
3. Boot process will stop at the Windows Logon and the user must manually login.
4. If user changes the passphrase via CTRL+ALT+DEL screen, the passsphrase will synchronize automatically to the PGP SSO user. If CTRL+ALT+DEL is not used to change the passphrase, the user must reboot once and enter the original Whole Disk passphrase. Once the user logs in to Windows with the new password, this will then be synchronized with PGP Whole Disk, and the second PGP BootGuard screen will use the new passphrase.