If a Windows machine running Symantec Encryption Desktop with an embedded policy is re-enrolled, the embedded policy remains.
For example, Windows clients may be configured initially with an embedded policy if they do not have a network connection to a Symantec Encryption Management Server. At a later date, the network connectivity may become available and the clients will therefore be re-enrolled to a Symantec Encryption Management Server so that they become managed clients.
The normal method of re-enrolling involves the following:
Right clicking on the PGP Tray and choosing Exit PGP Services
Deleting the PGP Corporation folder under %appdata%
Deleting the PGP folder under Documents
Starting PGP Tray
However, this method will result in the embedded policy remaining.
When Symantec Encryption Desktop is enrolled with an embedded policy the file C:\Users\All Users\PGP Corporation\PGP\PGPAdmin.xml is created. If this file is not removed prior to re-enrollment the embedded policy will remain in place.
Prior to re-enrolling Symantec Encryption Desktop, delete the file C:\Users\All Users\PGP Corporation\PGP\PGPAdmin.xml.
This was observed in the following environment but will also occur with other releases:
Windows 7 SP1 64-bit Enterprise
Symantec Encryption Management Server 3.3
Imported Document ID: TECH211437
Subscribing will provide email updates when this Article is updated. Login is required.