BUG REPORT: The feature "Lock device as read-only" doesn't work if the managed Universal server is unreachable

Article:TECH200734  |  Created: 2012-12-11  |  Updated: 2012-12-11  |  Article URL http://www.symantec.com/docs/TECH200734
Article Type
Technical Solution


There is an internal user policy on Universal server that can be configured to automatically encrypt a removable device or lock it as read only if the device cannot be encrypted.

"Enable automatic encryption or locking of removable devices"
"Lock device as read-only and provide users with the option to encrypt with PGP Whole Disk Encryption (Windows clients only)"

This policy only works if the Universal server is online and reachable.
If Universal is offline, data can be written to the device although the policy is enabled and the device should be locked for write access.


The defect is present in PGP Universal and PGP Desktop versions below 3.2.1 MP5/10.2.1 MP5 (build 5033).



This issue was solved in 3.2.1 MP5/10.2.1 MP5 and above.

New versions will now properly lock the device as read only if it cannot be automatically encrypted.

The release notes write:
2950245: Resolved the issue so that inserted removable devices are write-protected if the user fails to select an option from the encryption dialog box within 120 seconds or when PGP Universal Server is not reachable.

Supplemental Materials


Article URL http://www.symantec.com/docs/TECH200734

Terms of use for this information are found in Legal Notices