How to re-enroll Encryption Desktop for Windows Clients
search cancel

How to re-enroll Encryption Desktop for Windows Clients


Article ID: 180181


Updated On:


Drive Encryption Desktop Email Encryption File Share Encryption Encryption Management Server


The enrollment is the process of registering the PGP client with Symantec Encryption Management Server (PGP Server).  After a PGP client is registered with the PGP server, it receives policy updates from the server, updates logs to the server and can lookup PGP keys on the server.

Re-enrollment can fix a variety of issues and when there is some unusual behavior at play or if the Symantec Encryption Desktop (PGP Desktop) is not working correctly, sometimes the easiest solution is to re-enroll the client to PGP Server.  For example, if you right click on the PGP Tray applet from the notification area of the Windows taskbar, choose Update Policy and get an error, even though you are connected to the internal network, it may help to re-enroll the client.

This article covers Windows clients. For Mac clients please see article 155714.


Symantec Encryption Desktop 10.5 and above.


To re-enroll the Encryption Desktop client:

  1. Close Outlook if it is running.

  2. Right click the PGP Tray applet in the Windows taskbar notification area select Exit PGP Services. This will stop PGP Tray. If the Exit PGP Services option is missing, it means that the Encryption Management Server administrator has disabled it in policy. As an alternative you can open Task Manager and end task on any process beginning with PGP.

  3. Right click on the Windows start button, choose Run and enter %appdata% which will take you to the C:\Users\username\AppData\Roaming folder.

  4. Go inside the PGP Corporation folder and delete the PGPprefs.xml and PGPpolicy.xml files.

  5. Open the PGP Desktop client. This will automatically start PGP Tray. Alternatively, open the folder "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp" and open  the shortcut called PGPtray.exe.

  6. The enrollment assistant will begin. You will be prompted for your Windows username and password.

  7. When prompted, you would normally select the option that you have existing keys, keymodes, etc. and accept the default location of the keyring.
    Note: If you have lost your key passphrase you can choose to create a new key.  SKM is an ideal keymode to use because the end user does not need to remember a passphrase, while securely stores their key.

Additional Information

Issues that can be assisted with Re-enrollment:
*Key issues
*Decryption/Encryption issues
*Forceful checkin
*Unexplained behavior