search cancel

Symantec Endpoint Encryption Registered users are not being reported to the SEE Management server

book

Article ID: 173881

calendar_today

Updated On:

Products

Endpoint Encryption

Issue/Introduction

Symantec Endpoint Encryption can be installed on a system to encrypt the machine.  When individual users login, these users are automatically registered to the Drive Encryption User Access List.  These registered users are subsequently reported to the server so SEE Management Server Administrators can run reports to see which users are registered on various systems.

In some cases, these registered Drive Encryption users are not being reported to the server.

Cause

It has been observed that in some cases where these locally-registered Drive Encryption users are not registered to the SEE Management Server, indicating there may be problems with the machine.  Upon further review, the registered users actually are registered, but due to connectivity issues, these users are not being uploaded to the server.

In HKEY_LOCAL_MACHINE\SOFTWARE\Encryption Anywhere\Hard Disk\Users\User, each of the users will appear who have registered on the system *and* when connectivity to the Domain Controller is successful.

Symantec Endpoint Encryption also uses Windows APIs to allow these registered users to be uploaded to the server.

Although SEE has access to its own registered user's list, when communication issues happen such as the host machine not being able to connect to the Domain Controller, these users may not be able to be sent to the server.

 

 

 

Resolution

In order to ensure these registered are reported to the server, check to ensure the machine where SEE Client is installed can update GPO from the Domain Controller.

To test connectivity, open a command prompt and run the following command:

gpupdate /force

The client will list "Updating policy..." and once successful, a message similar to the following should be displayed:

"Computer policy update has completed successfully"

If the client is not able to successfully update policy from the Domain Controller, this should be corrected.

 

Another test that can be run is using a utility called WBEMtest, which uses similar WMI calls that SEE uses to send these registered users to the SEE Management Server.

To test with WBEMtest, run through the following steps:

  1. Obtain WBEMTest utility "Windows Management Instrumentation Tester":
  2. Run the utility as SYSTEM
  3. Click on Connect and the namespace "root\cimv2".
  4. Leave the default settings, and click Connect
  5. Click on Query button, and in the Enter Query field, enter:    select * from Win32_UserAccount
  6. Click Apply

This should display a list of the users found on the machine.  If not, either the application was not ran under the SYSTEM context, or there is a problem pulling the user details.

If these expected users on the machine\domain are appearing, and users are still not being sent to the server, contact Symantec Support for further information.

Caution: Running as SYSTEM account may be against the organization's security policy, check with your security group to ensure this is okay to run on your systems.  Running under the SYSTEM context is commonly disabled for regular users, even with Administrative permissions.