Embedded Policy is not deleted when Encryption Desktop is re-enrolled


Article ID: 158506


Updated On:


Drive Encryption Encryption Management Server


If a Windows machine running Encryption Desktop with an embedded policy is re-enrolled, the embedded policy remains.

For example, Windows clients may be configured initially with an embedded policy if they do not have a network connection to an Encryption Management Server. At a later date, the network connectivity may become available and the clients will therefore be re-enrolled to an Encryption Management Server so that they become managed clients.

The normal method of re-enrolling involves the following:

  • Right clicking on the PGP Tray and choosing Exit PGP Services
  • Deleting the PGP Corporation folder under %appdata%
  • Deleting the PGP folder under Documents
  • Starting PGP Tray

However, this method will result in the embedded policy remaining.


When Encryption Desktop is enrolled with an embedded policy the file %ALLUSERSPROFILE%\PGP Corporation\PGP\PGPAdmin.xml is created. If this file is not removed prior to re-enrollment the embedded policy will remain in place.


Symantec Encryption Desktop 10.3.2 MP13 and above.


Prior to re-enrolling Encryption Desktop, delete the file %ALLUSERSPROFILE%\PGP Corporation\PGP\PGPAdmin.xml.