If a Windows machine running Encryption Desktop with an embedded policy is re-enrolled, the embedded policy remains.
For example, Windows clients may be configured initially with an embedded policy if they do not have a network connection to an Encryption Management Server. At a later date, the network connectivity may become available and the clients will therefore be re-enrolled to an Encryption Management Server so that they become managed clients.
The normal method of re-enrolling involves the following:
However, this method will result in the embedded policy remaining.
Symantec Encryption Desktop 10.3.2 MP13 and above.
When Encryption Desktop is enrolled with an embedded policy, the file %ALLUSERSPROFILE%\PGP Corporation\PGP\PGPAdmin.xml is created. If this file is not removed prior to re-enrollment, the embedded policy will remain in place.
Prior to re-enrolling Encryption Desktop, delete the file %ALLUSERSPROFILE%\PGP Corporation\PGP\PGPAdmin.xml.
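The deletion step above can be scripted for deployment to several clients. The following PowerShell is an added example, not vendor code: the file path is the one given in this article, while the function name, the optional backup folder and the status strings are hypothetical, and it assumes the script runs with rights to modify %ALLUSERSPROFILE%.

```powershell
# Added example, not vendor code. Only the file path comes from the article;
# the function name, -BackupDir and the Status values are hypothetical.
function Remove-EmbeddedPolicyFile {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Embedded policy file named in the article.
        [string]$PolicyFile = (Join-Path $env:ALLUSERSPROFILE 'PGP Corporation\PGP\PGPAdmin.xml'),
        # Optional: folder that receives a copy of the file before it is deleted.
        [string]$BackupDir
    )

    $report = { param($status, $backup)
        [pscustomobject]@{ Computer = $env:COMPUTERNAME; Path = $PolicyFile
                           Status = $status; Backup = $backup } }

    # No file means no embedded policy to carry over; nothing to do.
    if (-not (Test-Path -LiteralPath $PolicyFile -PathType Leaf)) {
        return & $report 'NotPresent' $null
    }

    # Honour -WhatIf / -Confirm so the check can be run as a dry run first.
    if (-not $PSCmdlet.ShouldProcess($PolicyFile, 'Delete embedded policy file')) {
        return & $report 'WouldRemove' $null
    }

    $backup = $null
    try {
        if ($BackupDir) {
            New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
            $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
            $backup = Join-Path $BackupDir "PGPAdmin-$stamp.xml"
            Copy-Item -LiteralPath $PolicyFile -Destination $backup -ErrorAction Stop
        }
        Remove-Item -LiteralPath $PolicyFile -Force -ErrorAction Stop
    }
    catch {
        return & $report "Failed: $($_.Exception.Message)" $backup
    }

    # Confirm the file is really gone before re-enrollment proceeds.
    $status = if (Test-Path -LiteralPath $PolicyFile) { 'StillPresent' } else { 'Removed' }
    & $report $status $backup
}

$result = Remove-EmbeddedPolicyFile
$result
# Non-zero exit lets a deployment tool flag clients where the file remains.
if ($result.Status -notin 'Removed', 'NotPresent') { exit 1 }
```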