This issue affects PGP Desktop 9.0.0 - 9.0.2 clients managed by a PGP Universal Server with a policy configured to automatically encrypt the boot volume upon install.
If one user enrolls and the disk is encrypted and then another user account is added to the same system, conflicts with Whole Disk Encryption will arise. This issue exists in PGP Desktop 9.0.0, 9.0.1 and 9.0.2 with PGP Universal Server 2.0.0, 2.0.1 and 2.0.2. The issue is resolved by upgrading to PGP Desktop 9.0.3+ and PGP Universal Server 2.0.3+.
The result is that neither user will be able to boot up the system. This disk becomes totally inaccessible.
In order to add multiple users, the initial user passphrase is required. Therefore, the system should not even allow secondary users to enroll.
Rather than use the PGP Universal Server setting to Automatically encrypt boot volume upon installation, disable this setting, and manually encrypt the drive on the client:
Alternatively, do not enroll multiple users on the same system when auto encrypting the boot volume is enabled.
|Note: This issue can also be reproduced if the administrator deletes the user from the PGP Universal Server and removes the preference file from the client without decrypting the drive first. Removing the user in this way will trigger enrollment to happen again which in effect creates multiple users for the account and results in loss of accessibility to the disk.|