Skip Ribbon Commands
Skip to main content
PGP Desktop enables the activation of PGP Whole Disk Encryption.

Installation packages initially were generated using the PGP Universal Server to download customized PGP installer MSI files.  The Universal Server would apply a transform to the stock MSI, and then make the modified file available for download.  Unfortunately, this process did not also update the digital signature on the stock MSI.  The result is that the MSI file appears "tainted" to the Windows OS.  Nasty security warnings are generated by IE9 on MSI download, and again by Windows when the MSI is launched.  To combat this problem, we are now distributing the unmodified stock PGP installer, with a custom-built transform file (MST), contained within a self-extracting installer.

We will need to keep an eye on the PGP Desktop deployment guides as new versions are released to ensure that this process remains valid.

High-level process:
  • Download both a customized and stock PGP Desktop MSI files from the PGP Universal server.
  • Use the "SuperOrca" utility to discover the differences between the two MSI files:
     http://www.pantaray.com/msi_super_orca.html
    (at present the only changes in the transform file are to the "PGPstamp" and "PGPtrustedcerts" properties.)
  • Generate a transform based on these differences (note that the Universal Server modifies the product GUID, which is not necessary)
  • Use 7-zip to generate a self-extracting archive that executes msiexec with the "TRANSFORM=<file.mst>" property set.

A script that packages existing transform and msi files into a self-extracting archive is available here:
\\sysimg3\staging$\applications\pgp