BUG REPORT: The feature "Lock device as read-only" doesn't work if the managed Universal server is unreachable
|Article:TECH200734|||||Created: 2012-12-11|||||Updated: 2012-12-11|||||Article URL http://www.symantec.com/docs/TECH200734|
There is an internal user policy on Universal server that can be configured to automatically encrypt a removable device or lock it as read only if the device cannot be encrypted.
"Lock device as read-only and provide users with the option to encrypt with PGP Whole Disk Encryption (Windows clients only)"
This policy only works if the Universal server is online and reachable.
If Universal is offline, data can be written to the device although the policy is enabled and the device should be locked for write access.
The defect is present in PGP Universal and PGP Desktop versions below 3.2.1 MP5/10.2.1 MP5 (build 5033).
This issue was solved in 3.2.1 MP5/10.2.1 MP5 and above.
New versions will now properly lock the device as read only if it cannot be automatically encrypted.
The release notes write:
2950245: Resolved the issue so that inserted removable devices are write-protected if the user fails to select an option from the encryption dialog box within 120 seconds or when PGP Universal Server is not reachable.
Article URL http://www.symantec.com/docs/TECH200734