Note: This is done as when the client enrolls it prompts to allow certificate. If we do not want any user inputs, we would want to publish the Symantec server certificate to all the domain clients before we create and deploy the package. Applying to the Default domain policy applies the certificate to all the clients. Doing this will make the clients aware of the Symantec server certificate and hence eliminate the need of prompting the user to allow the certificate. Below is the screen that the clients receive when they detect the Symantec encryption certificate.
Now when the users log into their PC, they won’t get to know the installation has begun. It will not restart the PC automatically as the “/norestart” switch will not allow the PGP automatic restart. Once the user restarts the PC and logs in again, then the second phase of the installation will continue (Enrollment) and in a minute or so the user will notice a notification in the system tray that the drive is being encrypted.