Symantec Ghost Console security

The Symantec Ghost Console Server and clients use public-key cryptography techniques to authenticate the server to the client. This ensures that only authorized servers can remotely control, back up, restore, clone, and reconfigure client computers. During the Symantec Ghost Console Server installation, public and private certificate files are generated. These files are called Pubkey.crt and Privkey.crt.

The private certificate must be safeguarded. If an unauthorized user copies it, security is compromised. If you accidentally delete your private certificate and have no other copy, generate a new certificate pair and distribute the public certificate to all clients.

Generating new certificates

When a client communicates with the server, it uses a challenge-response protocol. The client must have the server's public certificate to perform this operation. Therefore, the server's public certificate must be distributed to all clients.
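The following added example (not Symantec code) sketches a generic signature-style challenge-response, showing why the client needs only the public certificate while the private one must stay on the server. The page does not describe Ghost's actual wire protocol or algorithms, so the toy RSA keys, class names, and message format here are all assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy RSA keys built from Mersenne primes: far too small for real use.
E = 65537
def toy_keypair(p, q):
    """Return (modulus, private_exponent) for the toy key."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

N, D = toy_keypair(2**127 - 1, 2**89 - 1)                     # legitimate server
IMPOSTOR_N, IMPOSTOR_D = toy_keypair(2**107 - 1, 2**61 - 1)   # some other key pair

def digest(challenge, modulus):
    """Hash the challenge to an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % modulus

class Server:
    """Holds the private key, the role Privkey.crt plays on the Console Server."""
    def __init__(self, modulus, private_exponent):
        self.n, self.d = modulus, private_exponent

    def respond(self, challenge):
        # Only the private-key holder can compute this value.
        return pow(digest(challenge, self.n), self.d, self.n)

class Client:
    """Holds only the public key, the role Pubkey.crt plays on each client."""
    def __init__(self, modulus, public_exponent):
        self.n, self.e = modulus, public_exponent
        self.pending = None

    def new_challenge(self):
        # A fresh random nonce per attempt makes recorded responses useless.
        self.pending = secrets.token_bytes(32)
        return self.pending

    def verify(self, response):
        challenge, self.pending = self.pending, None   # each challenge is single-use
        if challenge is None:
            return False
        return pow(response, self.e, self.n) == digest(challenge, self.n)

if __name__ == "__main__":
    client = Client(N, E)
    old = Server(N, D).respond(client.new_challenge())
    print("genuine server accepted:", client.verify(old))
    client.new_challenge()
    print("replayed response accepted:", client.verify(old))
    fake = Server(IMPOSTOR_N, IMPOSTOR_D).respond(client.new_challenge())
    print("impostor accepted:", client.verify(fake))
```

A client that still holds the public half of a replaced key pair rejects the new server in the same way it rejects the impostor here, which is why a regenerated public certificate has to reach every client.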

When the Console client is installed, it prompts for the Console computer name. This is the Windows computer name specified in Windows network settings. The client uses this name to communicate with the correct Console.

If the client computer is installed with a Ghost boot partition, you can generate a boot disk and a boot partition image file with the Ghost Boot Wizard. Use the wizard from the Console Server to ensure that the correct public certificate file is automatically included with all boot partition image files that include the Console client. If the client is installed with the virtual partition, this is done automatically.