HOW TO: Enable Silent Enrollment for Symantec Encryption Desktop
|Article:TECH149857|||||Created: 2010-06-22|||||Updated: 2014-10-01|||||Article URL http://www.symantec.com/docs/TECH149857|
This article details how to enable silent enrollment for Symantec Encryption Desktop application (previously PGP Desktop).
PGP Universal server 3.2.x
Symantec Encryption Management Server 3.3.x
Microsoft Windows Family Operation Systems
Silent enrollment reduces the number of screens your users must navigate during enrollment with Symantec Encryption Management Server. Only essential Setup Assistant screens appear during enrollment. Silent enrollment suppresses non-essential screens and uses default settings. Silent Enrollment is supported on both Windows and Mac Operating Systems, but is not supported on Linux clients.
Silent enrollment requires the use of the LDAP Directory Synchronization feature.
To enable Silent enrollment
- Login to the Symantec Encryption Management Server (previously PGP Universal Server) admin interface.
- If Directory Synchronization is currently not enabled, click Consumers > Directory Synchronization and then click Enable.
- On the Directory Synchronization screen, click Settings.
- Place a checkmark next to Enroll clients using directory authentication and then click Save.
- Enable Silent Enrollment for the users policy by clicking Consumers > Consumer Policy and then selecting the desired policy.
- Click Desktop next to PGP Desktop. The PGP Desktop options are displayed.
- Scroll down and place a checkmark next to Enable Silent Enrollment.
- Download the client installer by selecting Consumers > Groups and then clicking Download Client. The Download PGP Clients screen is displayed.
- Select the Client, Platform, Language, and then place a checkmark next to Customize.
Note: Select the client to use Auto-detect Policy Group (Preset Policy is only used if no LDAP Enrollment is being used).
- Click Download and specify a location for the installer file.
- Upon reboot after installation, the enrollment wizard will be displayed. Enter the username and password associated to the user.
- When using Silent Enrollment, only one Keymode should be configured in the policy. Because the Silent Enrollment wizard eliminates certain portions of the normal enrollment wizard, select only the keymode that is intended on being used.
- Key Reconstruction can be enabled for Silent Enrollment, however this will add additional windows to the enrollment screen.
- Enrollment using SKM key mode is completely silent as users are not prompted for key creation.
- Enrollment using GKM will use the Windows password as the passphrase of the key. Although this is done automatically, when the Windows password is changed, the passphrase for the GKM key remains unchanged.
- Silent Enrollment is not to be confused with Invisble Silent Enrollment. Invisible Silent Enrollment eliminates the actual enrollment prompt, such that the user would not be prompted to enroll and is done behind the scenes. For more information on Invisible Silent Enrollment, see article HOWTO77014.
Article URL http://www.symantec.com/docs/TECH149857