This issue affects PGP Desktop 9.0.0 - 9.0.2 clients managed by a PGP Universal Server with a policy configured to automatically encrypt the boot volume upon install.
If one user enrolls and the disk is encrypted and then another user account is added to the same system, conflicts with Whole Disk Encryption will arise. This issue exists in PGP Desktop 9.0.0, 9.0.1 and 9.0.2 with PGP Universal Server 2.0.0, 2.0.1 and 2.0.2. The issue is resolved by upgrading to PGP Desktop 9.0.3+ and PGP Universal Server 2.0.3+.
The result is that neither user will be able to boot up the system. This disk becomes totally inaccessible.
In order to add multiple users, the initial user passphrase is required. Therefore, the system should not even allow secondary users to enroll.
Rather than use the PGP Universal Server setting to Automatically encrypt boot volume upon installation, disable this setting, and manually encrypt the drive on the client:
Change the PGP Universal policy setting to disable Automatically encrypt boot volume upon installation. This is found under the Policy and then User Group tabs. Then select the applicable user group and click on PGP Desktop Settings. The option is found near the bottom under PGP Whole Disk Options.
Install PGP Desktop on the client
Open PGP Desktop on the client and manually start Whole Disk Encryption.
Add multiple users to the Whole Disk Encrypted Drive
Alternatively, do not enroll multiple users on the same system when auto encrypting the boot volume is enabled.
Note: This issue can also be reproduced if the administrator deletes the user from the PGP Universal Server and removes the preference file from the client without decrypting the drive first. Removing the user in this way will trigger enrollment to happen again which in effect creates multiple users for the account and results in loss of accessibility to the disk.
Imported Document ID: TECH148923
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.