Last Use date of an Encryption Management Server user appears incorrect
search cancel

Last Use date of an Encryption Management Server user appears incorrect

book

Article ID: 175152

calendar_today

Updated On:

Products

Gateway Email Encryption

Issue/Introduction

The Last Use date of an Encryption Management Server internal user appears incorrect. It shows a recent date for a user who has left the organization.

Environment

  • Encryption Management Server 3.3.2 MP13 and above.
  • Encryption Desktop 10.3.2 MP13 and above.

Resolution

The Last Use date in the internal user record is updated when a user whose machine is running Encryption Desktop drive encryption synchronizes with Encryption Management Server:

  1. The Encryption Desktop log contains entries like this:
    14:42:51 PGP Info Beginning synchronization with configuration server keys.example.com
    14:42:52 PGP Info Completed synchronization with configuration server keys.example.com
  2. The Encryption Management Server Client log contains an entry like this:
    CLIENT-00000: authenticated internal Encryption Desktop 10.4.2.503 user user1 from [10.0.0.100] Thu 13 Jun, 2019 at 14:42:51 +01:00
  3. The Last Use date in the internal user record appears like this:
    Last Use: 13/06/2019

The Last Use date in the internal user record is also updated if the user:

  1. Sends an email message which is processed by Encryption Management Server operating as an email encryption gateway. In this scenario, the user does not have Encryption Desktop installed. Note that the email message does not need to be encrypted and/or signed by Encryption Management Server for the Last Use date to be  updated.
  2. Does a key search with Encryption Desktop on Encryption Management Server. Such key searches occur frequently when messages are encrypted or decrypted with Encryption Desktop. 

The Last Use date in the internal user record is not updated:

  1. If the user is listed as a drive encryption user in Encryption Desktop but is not logged into Windows. This will be the case if a machine has multiple user accounts registered for drive encryption. The Last Use date is updated only for the user who is logged into Windows with PGP Tray running.
  2. If Encryption Management Server processes an Inbound email message addressed to the user. Only Outbound messages cause the Last Use date to be updated.

Therefore, if the user record of a user who has left the organization some time ago has a recent Last Use date, it means that either:

  1. Another user has logged on to Windows as them and PGP Tray has started.
    or
  2. Encryption Management Server has processed an outbound email message sent from their email address.
Powered by Wolken Software