Symantec PGP WDE Setting up Bypass Script for Remote Machines


Symantec PGP WDE Setting up Bypass Script for Remote Machines


Security is always a concern for organizations especially when remote sites are involved. One of the ways this can be addressed is by using whole disk encryption (WDE). The big benefit of WDE is that prevents someone from gaining unauthorized access to sensitive data by pulling the hard drive out of a machine. For a program such as PGP, one item that comes with WDE is the something bootguard, which forces a user to enter in credentials to unlock the disk. For a network administrator, this can prove to be a challenge because it restricts network connectivity and can prevent access to the machine. However, PGP has an option to configure a bypass to get past the bootguard.

Scripting a PGP Bypass Script

The following below can be used in a batch file to create a bypass. Replace the word password with an administrative passphrase.

cd "Program Files (x86)PGP CorporationPGP Desktop"
PGPwde.exe --add-bypass --admin-passphrase "password"

Note: The PAUSE at the end is to see whether the command successfully executed, otherwise the command prompt will close immediately after the command has been executed.

Once the bypass has been added, a Bypass user active will appear under the list of PGP users. 

As every organization’s security requirements are different, it is important take caution when saving any password in a plain text or whether the script being created can be accessed by other users.

In some cases, it might make sense to create a New Passphrase User that has access to bypass PGP, but does not have access to log on to the machine. 

This scenario may apply if you have users at a remote site that assist with logging into something like a remote domain controller on a regular basis, but should not have access to log on to the machine.

If your user does not have access to use the bypass script, an error 12198 will appear.

Prompting for a Password: PGP Bypass Script

Via a post by one of my colleagues, you can use the following code to prompt you for a password so a password will not be saved in a batch file as plaintext.

SET /p PASSPHRASE="Enter Passphrase: " %=%
cd /d "%ProgramFiles(x86)%PGP CorporationPGP Desktop"
PGPwde.exe --add-bypass --admin-passphrase "%PASSPHRASE%"

Here is a screenshot showing what text to expect if the following set of commands is executed.

Additional Resources:

If you would like to find out more about Symantec PGP, visit 

Symantec’s documentation on creating a bypass:

More About the Author

Ideen Jahanshahi

Solutions Architect
Veeam NAS Backup: Integrating with Dell EMC Isilon Those of us who have been in the backup realm a long time remember when Veeam Backup and Replication (Veeam B&R) was one of the top ...
The InterWorks Approach to Great Consulting: Part 3 If you’ve been following along, you know that this blog miniseries is all about dissecting the shared traits that some of my most ...

See more from this author →

InterWorks uses cookies to allow us to better understand how the site is used. By continuing to use this site, you consent to this policy. Review Policy OK


Interworks GmbH
Ratinger Straße 9
40213 Düsseldorf
Geschäftsführer: Mel Stephenson

Telefon: +49 (0)211 5408 5301

Amtsgericht Düsseldorf HRB 79752
UstldNr: DE 313 353 072


Love our blog? You should see our emails. Sign up for our newsletter!