How to: Convert a Symantec Encryption Desktop (formerly PGP Desktop) Standalone installation package for Mac into a Managed Installation package.
Last Updated December 02, 2014
Standalone Client: Package that is not managed by a Symantec Encryption Management Server (SEMS, formerly PGP Universal Server). License information must manually be entered in order to use features of the Symantec Encryption Desktop (formerly PGP Desktop) client. Policies are managed on the standalone client itself.
Managed Client: Package created by SEMS in order for encryption policy to be managed by the SEMS.
SEMS, which is used in order to “Customize” the installation package of Encryption Desktop for Mac in order to be managed by SEMS. In order to customize a Symantec Encryption Desktop installation package, it is normally downloaded from SEMS by clicking a “Customize” checkbox. Once a Symantec Encryption Desktop package has been customized by SEMS, a “Stamp” entry is created, which would then allow the end user to be able to install and enroll to SEMS.
In order for the Encryption Desktop Standalone install package for Mac to be able to communicate with SEMS as a “Customized” install, the package itself can be modified. Once modified, the previously Standalone client can then go through the enrollment process and communicate with SEMS for policy.
Modifying the Symantec Encryption Desktop 10.x through 10.2.1 MP3 installation Package for Mac on a Windows system:
1.Obtain the PGP Desktop standalone installer. A Standalone PGP Desktop 10.2 installer file would typically take the form of “PGPDesktop10.2_MacOSX.tar.gz”
2.Extract the file until the PGP.pkg folder is available. It may take multiple extractions of the file. Use an extraction tool that supports many different zip/compression types such as 7zip, in order to extract “.tar.gz”, “.tar” and .dmg files. Once the the tar.gz are fully extracted, this should eventually yield a .dmg file. The 7zip utility can also be used to extract this type of file.
3.Once the .dmg file is extracted, a file “0.hfs” will be available, extract this file as well and a folder called “PGP Desktop” will be available—this is the folder that contains the installation package for PGP Desktop for Mac.
4.Open the PGP Desktop folder from the previous step and navigate to the PGP.pkg folder, then Contents, then Resources, and place a text file in the Resources folder called “policy.txt”.
5.In the policy.txt file, add the following line, which provides the logic for the client to communicate with PGP Universal Server:
Where “keys.example.com” is the FQDN of the PGP Universal Server.
TIP: It may be a good idea to locate the existing entry on another Mac client that is already managed by the PGP Universal Server. On the managed client, open terminal and type the following command:
Alternatively, go to a Mac client that has already been enrolled and simply copy the policy.txt file and place it in this directory.
7.The policy.txt file show now be in the PGP.pkg\Contents\Resources folder.
8.Now the PGP.pkg file can be used to perform the installation, which can now enroll to and be managed by, the PGP Universal Server.
Modifying Symantec Encryption Desktop 10.2.1 MP4 and above. Modification Steps for Mac OSX 10.8 and above:
With the new GateKeeper functionality built in to Mountain Lion (OSX 10.8), modifying requires new steps in order for the install to complete.
NOTE: Starting with versions 10.2.1 MP4 of the client installation package for Symantec Encryption Desktop, instead of "PGP" or "PGP Desktop", the new branding of the directories are now be called "Encryption Desktop". Instead of "PGP.pkg", the new branding will now show as "Encryption Desktop.pkg". Please be aware of this branding as the package is being modified.
1. Modify the Encryption Desktop.pkg file in the same manner as the above, but instead of placing the policy.txt file into Contents/Resources, place the file into Contents/_CodeSignature.
NOTE: The following Articles can be reviewed for modifying the Symantec Encryption stanalone clients to be managed for Windows and Linux Operating Systems:
TECH149792 - Manually modify a Windows Symantec Encryption Desktop stand alone client to enroll with Symantec Encryption Management Server.
TECH187507 - Convert a Symantec Encryption Desktop Standalone (unmanaged) client for Linux into a managed installation package.
TECH149851 - Manually Update a PGP Desktop 9.x for Mac OS X Stand Alone Client to be managed by a PGP Universal Server.
Imported Document ID: HOWTO77365
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe