Still Prompted to Enter LDAP Credentials Even if Invisible Silent Enrollment is Used

book

Article ID: 155756

calendar_today

Updated On:

Products

Symantec Products

Issue/Introduction

Symantec™ Encryption Desktop (Formally PGP Desktop) includes functionality to use user credentials to enroll the user behind the scenes, thus eliminating any user intervention during the enrollment process. This feature is called Invisible Silent Enrollment (also sometimes called Super Silent Enrollment).

Even when using this string, a user may still be prompted to enter his/her credentials during enrollment.

Cause

Invisible Silent Enrollment incorporates using install strings with msiexec. If another install string is being used “PGP_SILENT_FORCE_LDAP=1 this will negate the PGP_INSTALL_DISABLESSOENROLL=0, thus causing the enrollment credential pop-up.

Using PGP_SILENT_FORCE_LDAP=1 should be used if the user needs to authenticate to the Symantec PGP Universal Server with different credentials other than the windows password that may have been used to login, however if this is used with the Invisible Silent Enrollment, this will prompt the user for the credentials.

Resolution

Remove the PGP_SILENT_FORCE_LDAP=1 from the install string to resolve this.