HOW TO: Re-enroll Symantec Encryption Desktop for Windows Clients


Article ID: 180181


Updated On:


Drive Encryption Encryption Management Server




This article describes how to re-enroll Symantec Encryption Desktop (previously PGP Desktop) for Windows clients.

For information on how to re-enroll Symantec Encryption Desktop for Mac clients, please see the following document:

Enrollment is the binding of a computer with Symantec Encryption Desktop client software to a Symantec Encryption Management Server (SEMS - formerly known as PGP Universal Server).  After a client is bound to the server, it receives feature policy information from the Symantec Encryption Management Server.

It is occasionally necessary to re-enroll a Symantec Encryption Desktop Client computer. Re-enrolling a client often assists in troubleshooting when enrollment fails with an error or when users are placed in the incorrect policy. There are a few different methods to attempt this, each with their own limitations and risks. Please make sure you understand the consequences of doing each step before you attempt it.


Note: If you are enrolling SED 10.3.2 clients, TLS 1.0 is required to be enabled or enrollment will not succeed.  SED 10.4 and above clients use TLS 1.2.

Some of the reasons for re-enrolling a client:

  • Enrollment fails
  • Enrollment succeeds but there are Symantec Encryption Desktop errors
  • Symantec Encryption Desktop settings during enrollment are incorrect
  • Symantec Drive Encryption (formerly known as PGP Whole Disk Encryption) did not start because of policy or attribute misconfiguration
  • If you are having a problem enrolling a client or if PGP Desktop is not acting as expected


To re-enroll a Symantec Encryption Desktop client:

  1. Click the Symantec Encryption Desktop Tray icon in your system tray and select Exit PGP Services.
  2. Navigate to %APPDATA%\PGP Corporation\PGP\ and delete the PGPPrefs.xml and PGPPolicy.xml files.

    This deletes the preferences file and allows you to start with new settings.
  3. Restart the services by clicking Start > All Programs > Startup > PGPtray


The Symantec Enrollment Assistant will start up and begin the re-enrollment process.