Symantec Endpoint Encryption Client machines do not respond to remote decryption commands as expected

Article:TECH197693  |  Created: 2012-10-01  |  Updated: 2013-09-17  |  Article URL http://www.symantec.com/docs/TECH197693
Article Type
Technical Solution

Product(s)

Issue



It has been observed that clients may not respond to remote decryption commands issued by Server Commands or GPO if no user is logged onto the machine at the time of the policy application. Once a user logs into Windows the decryption process begins and completes normally however.

 


Solution



To workaround this behavior an executable has been added to the client installers that will load to:

Program FIles > Symantec Endpoint Encryption Clients > Client Console > EAFRCliSyncComputerPolicies.exe

This .exe can be run remotely to force the decryption process to start without the requirement for user logon. This executable must be run after application of the policy meaning that the GPO must be applied or the machine must check-in once to receive a Native Policy. One example of a tool that could be used to execute this is Microsoft's "psexec", described at the location below:

http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

This behavior is under investigation at this time.


Attachments

Remote Decryption .docx (24 kBytes)

Supplemental Materials

SourceETrack
Value2847117


Article URL http://www.symantec.com/docs/TECH197693


Terms of use for this information are found in Legal Notices