HOW TO: Enable Silent Enrollment for Symantec Encryption Desktop

Article:TECH149857  |  Created: 2010-06-22  |  Updated: 2013-12-05  |  Article URL
Article Type
Technical Solution


This article details how to enable silent enrollment for Symantec Encryption Desktop application (previously PGP Desktop).


PGP Universal server 3.2.x

Symantec Encryption Management Server 3.3.x

Microsoft Windows Family Operation Systems


Silent enrollment reduces the number of screens your users must navigate during enrollment with Symantec Encryption Management Server. Only essential Setup Assistant screens appear during enrollment. Silent enrollment suppresses non-essential screens and uses default settings. Enrollment using SKM key mode is completely silent as users are not prompted for key creation.

Silent enrollment requires the use of the LDAP Directory Synchronization feature.

To enable Silent enrollment

  1. Login to the Symantec Encryption Management Server (previously PGP Universal Server) admin interface.
  2. If Directory Synchronization is currently not enabled, click Consumers > Directory Synchronization and then click Enable.
  3. On the Directory Synchronization screen, click Settings.
  4. Place a checkmark next to Enroll clients using directory authentication and then click Save.
  5. Enable Silent Enrollment for the users policy by clicking Consumers > Consumer Policy and then selecting the desired policy.
  6. Click Desktop next to PGP Desktop. The PGP Desktop options are displayed.
  7. Scroll down and place a checkmark next to Enable Silent Enrollment.
  8. Download the client installer by selecting Consumers > Groups and then clicking Download Client. The Download PGP Clients screen is displayed.
  9. Select the Client, Platform, Language, and then place a checkmark next to Customize.

    Note: You can select the client to use Auto-detect Policy Group or specify a Preset Policy Group.
  10. Click Download and specify a location for the installer file.
  11. To install the client with silent enrollment, use the following msi switch:

msiexec /i C:\pgpdesktop.msi  PGP_INSTALL_DISABLESSOENROLL=0

Legacy ID


Article URL

Terms of use for this information are found in Legal Notices