This article details how to add an additional or new user to an encrypted disk without using the passphrase for the existing user.
In a PGP Universal Server managed environment, you can add a new user to an encrypted disk by authenticating at the PGP BootGuard screen with the whole disk recovery token (WDRT) for the existing user and then adding the new user to the disk from the command line interface. This lets you add a new user to the disk without knowing the passphrase of the existing user.
Whole disk recovery tokens are associated with encrypted devices, not single computers or single users. If multiple users have accounts on the same device, they share the same whole disk recovery token. Whatever you do with the token affects all users sharing that device.
To add a new user to an encrypted disk:
- Log into the PGP Universal Server admin interface.
- Click Consumers > Users and then browse for and select the existing user. The user information is displayed.
- Expand Whole Disk Encryption and click the icon in the WDRT column. The WDRT is displayed.
- Record the WDRT for the system and use the WDRT to authenticate at the PGP BootGuard on the client computer.
- On the client computer, open a Windows command prompt.
- Browse to the PGP Desktop directory: C:\Program Files\PGP Corporation\PGP Desktop (32-bit) or C:\Program Files (x86)\PGP Corporation\PGP Desktop (64-bit)
- Type pgpwde --add-user -u <username> --passphrase <passphrase> --rt <wdrt> and then press Enter.
The new user is added using the WDRT for authentication.
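The last three steps can also be run from a PowerShell prompt so that the passphrase and WDRT are prompted for rather than typed into a command line that is kept in shell history. This is an added example, not part of the original article or Symantec's tooling; the variable and function names are hypothetical, and it assumes pgpwde.exe sits in one of the two directories listed above and reports failure with a non-zero exit code.

```powershell
# Added example: run the pgpwde --add-user step with prompted secrets.
# The two install directories are the ones given in the procedure above.
$candidates = @(
    'C:\Program Files\PGP Corporation\PGP Desktop',
    'C:\Program Files (x86)\PGP Corporation\PGP Desktop'
)
$pgpwde = $candidates |
    ForEach-Object { Join-Path $_ 'pgpwde.exe' } |
    Where-Object { Test-Path -LiteralPath $_ } |
    Select-Object -First 1
if (-not $pgpwde) { throw 'pgpwde.exe not found in either PGP Desktop directory.' }

function ConvertTo-PlainText([securestring]$Secure) {
    # Decrypt a SecureString only at the moment the value is needed.
    return [System.Net.NetworkCredential]::new('', $Secure).Password
}

$user  = Read-Host 'New user name'
$pass1 = Read-Host 'Passphrase for the new user' -AsSecureString
$pass2 = Read-Host 'Confirm passphrase' -AsSecureString
$wdrt  = Read-Host 'WDRT recorded from the server' -AsSecureString

if ([string]::IsNullOrWhiteSpace($user)) { throw 'User name is empty.' }
if ((ConvertTo-PlainText $pass1) -cne (ConvertTo-PlainText $pass2)) {
    throw 'Passphrases do not match.'
}

try {
    # Same command as in the last step, with each value passed as its own argument.
    & $pgpwde '--add-user' '-u' $user `
        '--passphrase' (ConvertTo-PlainText $pass1) `
        '--rt' (ConvertTo-PlainText $wdrt)
    # Assumption: pgpwde signals failure with a non-zero exit code.
    if ($LASTEXITCODE -ne 0) { throw "pgpwde exited with code $LASTEXITCODE" }
    Write-Host "User '$user' added using the WDRT for authentication."
}
finally {
    # Release the protected copies of the secrets.
    $pass1.Dispose(); $pass2.Dispose(); $wdrt.Dispose()
}
```

The passphrase and WDRT are still visible in the pgpwde process command line while it runs, so run this only in a session that other local users cannot inspect.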