Symantec Endpoint Encryption Client machines do not respond to remote decryption commands as expected

Article: TECH197693  |  Created: 2012-10-01  |  Updated: 2013-09-17
Article Type
Technical Solution



It has been observed that clients may not respond to remote decryption commands issued by Server Commands or GPO if no user is logged on to the machine at the time the policy is applied. Once a user logs on to Windows, however, the decryption process begins and completes normally.



To work around this behavior, an executable has been added to the client installers. It is installed to:

Program Files > Symantec Endpoint Encryption Clients > Client Console > EAFRCliSyncComputerPolicies.exe

This .exe can be run remotely to force the decryption process to start without requiring a user logon. The executable must be run after the policy has been applied, meaning that the GPO must be applied or the machine must check in once to receive a Native Policy. One example of a tool that could be used to execute this is Microsoft's "psexec", described at the location below:

This behavior is under investigation at this time.
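
The workaround above, sketched as an added example that is not part of the original article or Symantec's tooling: it uses PowerShell remoting in place of psexec to run the executable on each client and reports machines where it is missing or that cannot be reached. It assumes WinRM is enabled on the clients, that the caller has administrative rights there, and that the client is installed under the remote machine's %ProgramFiles% directory; the `ComputerName` parameter and the status labels are hypothetical.

```powershell
# Added example, not Symantec's code.
# Assumptions: WinRM is enabled on the clients, the caller is an administrator
# there, and the client lives under the remote machine's %ProgramFiles%.
param(
    # Hypothetical input: clients that have already received the decryption
    # policy (GPO applied, or one check-in completed for a Native Policy).
    [Parameter(Mandatory)]
    [string[]]$ComputerName
)

$relativePath = 'Symantec Endpoint Encryption Clients\Client Console\EAFRCliSyncComputerPolicies.exe'

$results = foreach ($computer in $ComputerName) {
    try {
        Invoke-Command -ComputerName $computer -ErrorAction Stop `
            -ArgumentList $relativePath -ScriptBlock {
                param($relPath)
                $exe = Join-Path $env:ProgramFiles $relPath
                if (-not (Test-Path -LiteralPath $exe)) {
                    # Installed from an installer that predates the
                    # executable, or installed to a different directory.
                    return [pscustomobject]@{ Status = 'ExecutableMissing'; ExitCode = $null }
                }
                # Piping to Out-Null makes PowerShell wait for the process.
                & $exe | Out-Null
                # The article does not document exit codes; the raw value is
                # recorded for the operator's records only.
                [pscustomobject]@{ Status = 'Ran'; ExitCode = $LASTEXITCODE }
            } | Select-Object PSComputerName, Status, ExitCode
    }
    catch {
        # Host offline, WinRM disabled, or access denied.
        [pscustomobject]@{
            PSComputerName = $computer
            Status         = "RemotingFailed: $($_.Exception.Message)"
            ExitCode       = $null
        }
    }
}

$results | Format-Table -AutoSize
```

A `Ran` status only shows that the executable was launched; confirm that decryption actually started through the client's reported encryption state.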


Remote Decryption .docx (24 kBytes)

Supplemental Materials

