Certain admin preferences changed via Policy with Symantec Encryption Management Server don't update the client on subsequent policy updates

book

Article ID: 160834

calendar_today

Updated On:

Products

Desktop Email Encryption Drive Encryption Encryption Management Server

Issue/Introduction

If you change a value such as the "Override default keyring locations" value or make a change using the Advanced XML preferences editor through the Administration Console. It doesn't show up on the client after a subsequent policy update.

Usually no error logged by the Symantec Encryption Desktop client. But the policy changes don't reflect accurately in the client.

Cause

This problem can occur if you have the option enabled via Consumer Policy which says "Allow user to change options".

If that option is unchecked (to disallow client to change options).  Then the user won't be able to update any preference that the administrator controls including the keyring location.  In this scenario any change made by the Administrator through the Symantec Encryption Management Server (SEMS) Administration Console will reflect in both the user and admin preferences after a policy update.

If that option is checked (to allow client to change options).  Then the user can change/override certain preferences. Including the keyring location.  In this scenario any changes made by the Administrator through SEMS Administration Console will reflect only in the admin preference (and not in the user preference) after a policy update.

If you re-enroll the client in either scenario. The user and admin preferences will be in sync but subsequent preference changes (by the User or the Administrator) and policy updates will result in a distinct set of user and admin preference settings.

Resolution

If you wish to have the Administrator enforce all policy and preference settings and override user set values. Then disable the option (uncheck) to allow user to change options. This will ensure that all preferences and policy changes made by the Administrator on the Administration Console of Symantec Encryption Management Server are enforced on the Symantec Encryption Desktop client.


Applies To

Symantec Encryption Desktop (previously PGP Desktop)

Symantec Encryption Management Server (previously PGP Universal Server)