WDE-ADMIN Account Cannot Log in to Multiple Domains
search cancel

WDE-ADMIN Account Cannot Log in to Multiple Domains


Article ID: 153430


Updated On:


Symantec Products


When attempting to login using an account in the WDE-ADMIN group for multiple domains, the WDE-ADMIN account cannot perform any pgpwde command line commands.


This can occur when the WDE-ADMIN group of multiple domains is not a member of a Universal Group. The WDE-ADMIN group must be Universal Group to login to multiple domains in a forest. For more information on Active Directory Groups and their scope, click here for a Microsoft TechNet article.

Creating an WDE-ADMIN group account allows you to:

  • Log in remotely to perform PGP WDE maintenance tasks (using the pgpwde command line).
  • Use SMS or other tools to perform PGP WDE maintenance.
  • Use pgpwde to perform Active Directory authentication to ensure only authorized administrators can access users' systems. (Note that the system must be connected to the network and Active Directory must be running.)