Symantec Endpoint Encryption Client machines do not respond to remote decryption commands as expected

Article ID: 157140

Products

Endpoint Encryption

Issue/Introduction

Clients may not respond to remote decryption commands issued by Server Commands or GPO if no user is logged on to the machine when the policy is applied. Once a user logs in to Windows, however, the decryption process begins and completes normally.

Resolution

To work around this behavior, an executable has been added to the client installers. It is installed to:

Program Files > Symantec Endpoint Encryption Clients > Client Console > EAFRCliSyncComputerPolicies.exe

This .exe can be run remotely to force the decryption process to start without requiring a user logon. The executable must be run after the policy has been applied: the GPO must already be applied, or the machine must have checked in once to receive a Native Policy. One example of a tool that could be used to execute it is Microsoft's "psexec", described at the location below:

http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
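One way to run the executable on several clients with psexec and keep a record of the outcome per machine. This is an added example, not part of the original article or of Symantec's tooling; the host names are constructed, and it assumes psexec.exe is on the PATH, the client is installed on the C: drive, and the account running the script has administrative rights on the targets.

```powershell
# Added example. Host names, the C: drive and psexec.exe being on PATH are assumptions.
param(
    [string[]]$ComputerName = @('SEE-CLIENT-01', 'SEE-CLIENT-02'),  # constructed names
    [string]$PsExec = 'psexec.exe'
)

# Folder and file name come from the article; the drive letter is assumed.
$relPath   = 'Program Files\Symantec Endpoint Encryption Clients\Client Console\EAFRCliSyncComputerPolicies.exe'
$localPath = "C:\$relPath"

$results = foreach ($computer in $ComputerName) {
    $status   = 'NotRun'
    $exitCode = $null

    if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet)) {
        # Machine is off or not reachable on the network
        $status = 'Unreachable'
    }
    elseif (-not (Test-Path -LiteralPath "\\$computer\C`$\$relPath")) {
        # The installed client does not include the executable at this path
        $status = 'ExecutableMissing'
    }
    else {
        # Run the executable on the remote machine; no interactive logon is needed there.
        & $PsExec "\\$computer" -accepteula $localPath | Out-Null
        # psexec passes back the exit code of the remote process (or its own error code).
        $exitCode = $LASTEXITCODE
        $status   = 'Executed'
    }

    [pscustomobject]@{
        Computer = $computer
        Status   = $status
        ExitCode = $exitCode
        Time     = Get-Date
    }
}

$results | Format-Table -AutoSize
```

The article does not document the executable's exit codes, so the script records them without interpreting them. Run it only after the GPO has been applied or the client has checked in for its Native Policy, as described above.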

This behavior is under investigation at this time.

Attachments

Remote Decryption .docx