using a customized installer with "Preset Group Policy" and Directory Synchronization enabled

Article:TECH183908  |  Created: 2012-03-15  |  Updated: 2012-10-10  |  Article URL http://www.symantec.com/docs/TECH183908
NOTE: If you are experiencing this particular known issue, we recommend that you Subscribe to receive email notification each time this article is updated. Subscribers will be the first to learn about any releases, status changes, workarounds or decisions made.
Article Type
Technical Solution

Issue



Beginning with PGP Universal 3.2.0 the functionality of choosing preset group policy when downloading and customizing an installer package for PGP Desktop in conjunction with utilizing Directory Synchronization is no longer supported. The option remains possible but the effected group policy defaults to the "Everyone" Group despite the choices made in the custom installer window.


Error



 "Requested group policy '#######-####-####-####-############' does not match returned group policy '$$$$$$$-$$$$-$$$$-$$$$-$$$$$$$$$$$$' "

and

"Mismatched group policy is usually caused by previous enrollment  with a different group policy"

Usually show in the PGP desktop client logs after install and attempts to update policy.


Environment



Universal 3.2.x

PGP Desktop client with enabled "Preset Group Policy"

Directory Synchronization enabled on Universal server


Cause



 Directory Synchronization was determined to have precedence over preset group policy.


Solution



 To avoid having users put in the wrong policy group either use directory synchronization or preset policy from the custom installer. Do not utilize both.

 

This is also documented in the Universal 3.2.1 admin guide:

Note: If you are using Directory Sync to apply policy, do not use Preset Group Policy. Directory Sync will always override the Preset Group Policy.




Article URL http://www.symantec.com/docs/TECH183908


Terms of use for this information are found in Legal Notices