If a Windows machine running Encryption Desktop with an embedded policy is re-enrolled, the embedded policy remains.
For example, Windows clients may be configured initially with an embedded policy if they do not have a network connection to an Encryption Management Server. At a later date, the network connectivity may become available and the clients will therefore be re-enrolled to an Encryption Management Server so that they become managed clients.
The normal method of re-enrolling involves the following:
However, this method will result in the embedded policy remaining.
When Encryption Desktop is enrolled with an embedded policy the file %ALLUSERSPROFILE%\PGP Corporation\PGP\PGPAdmin.xml is created. If this file is not removed prior to re-enrollment the embedded policy will remain in place.
Symantec Encryption Desktop 10.3.2 MP13 and above.
Prior to re-enrolling Encryption Desktop, delete the file %ALLUSERSPROFILE%\PGP Corporation\PGP\PGPAdmin.xml.