Still Prompted to Enter LDAP Credentials Even if Invisible Silent Enrollment is Used


Article ID: 155756


Updated On:


Symantec Products


Symantec™ Encryption Desktop (Formally PGP Desktop) includes functionality to use user credentials to enroll the user behind the scenes, thus eliminating any user intervention during the enrollment process. This feature is called Invisible Silent Enrollment (also sometimes called Super Silent Enrollment).

Even when using this string, a user may still be prompted to enter his/her credentials during enrollment.


Invisible Silent Enrollment incorporates using install strings with msiexec. If another install string is being used “PGP_SILENT_FORCE_LDAP=1 this will negate the PGP_INSTALL_DISABLESSOENROLL=0, thus causing the enrollment credential pop-up.

Using PGP_SILENT_FORCE_LDAP=1 should be used if the user needs to authenticate to the Symantec PGP Universal Server with different credentials other than the windows password that may have been used to login, however if this is used with the Invisible Silent Enrollment, this will prompt the user for the credentials.


Remove the PGP_SILENT_FORCE_LDAP=1 from the install string to resolve this.