Enabling or Disabling Functionality with Symantec Encryption Management Server Consumer Policy - PGP Server Consumer Policy
search cancel

Enabling or Disabling Functionality with Symantec Encryption Management Server Consumer Policy - PGP Server Consumer Policy

book

Article ID: 180722

calendar_today

Updated On:

Products

Desktop Email Encryption Drive Encryption Encryption Management Server Endpoint Encryption File Share Encryption Gateway Email Encryption PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK

Issue/Introduction

Symantec Encryption Management Server (PGP Server) has the ability to manage different functionality centrally.  This functionality includes File Share Encryption, Drive Encryption, PGP Zip, and PGP Messaging (Email Encryption).  Based on which components are enabled will determine which "Flags" are enabled on each user's individual key for the Consumer Policy they are part of.

For example, if you have a user in a Consumer Policy that has all the features enabled, and you check the user's key properties in PGP Desktop, all the Flags will be enabled:

You may have some keys that do not have all flags enabled:

 

If you are trying to perform an action on a key, but the flag is missing, you may run into a failure.  For example, if you are trying to encrypt a Network Share with File Share Encryption, and the "File Share Encryption" flag is not checked for the user, you could run into issues.  The user missing the flag needs to have the component enabled in their Effective Consumer Policy before this flag will appear.

This article will discuss how to make this happen.

Resolution

In the example above, File Share Encryption may not be enabled.  To ensure File Share Encryption has been enabled for the user, first find the user under "Consumers" and then "Users.

Find the user in question and click on them.  Then click on the "Groups" card on the user's properties page.  In this example, we will have a group called "File Share Encryption":

Note: It is possible for a user to be part of multiple groups, but only one "Effective Policy Group".  This means the consumer policy will be applied to this group.  

Now click on the "File Share Encryption" group on the Groups card, and it will take you to the group and you will see the associated Consumer Policy.  In this example, we have a Consumer Policy called "File Share Encryption Policy":

Now click on the "File Share Encryption Policy" and this will take you to the actual consumer policy where you can ensure File Share Encryption is enabled.

Click on the button "Desktop" to go into the Desktop settings:

Now click on the "File Share" tab and then make sure the box is checked that enables File Share Encryption for this consumer policy:

Now that you have determined the user, and the Group the user is part of, and the Effective Group Policy, and have enabled File Share, once you update policy on the user's system, this should then update the File Share Encryption flag for the user:

In the example above, this user has the Email Encryption, PGP Zip, and PGP Messaging flags enabled. If you wanted to enable the Drive Encryption flag as well, simply follow the same steps above and enable it.

You can enable/disable anything that is needed.  As long as you own the license SKU for the product, this is a way to centrally manage the settings needed. 

 

If you run into any further questions or concerns, reach out to Symantec Encryption Support for further guidance.