Enrolling users.

Created: 22 Jun 2011 | 1 comment

I'm trying to enroll Active Directory users into Universal Server and it's not going as well as I had hoped. So first off there are two ways to enroll, if I understand correctly.

1. Email

A user gets PGP Satellite installed, tries to send an email and gets automagically enrolled on the PGP server. Under this method an encryption key should be automatically generated for the user, emails encrypted and sent off. Awesome. I was for a while able to enroll a test user to the PGP server, though a key was never generated and messages never sent. Now I cannot even enroll the person. The user does not show up and the log just says that it's waiting on a pending message. I went into the server and approved all pending items for all users and nothing changed.

2. Active Directory

The way I understand this is supposed to work is that users in Active Directory are somehow enrolled at some point to the PGP server. That's all I know about it. Following the instructions for Active Directory enrollment provides me with no users on the PGP server, though I can view sample data. I don't know if there's some point at which the PGP server will go through Active Directory and start pulling users over to the PGP server or what. The admin guide covers setting up AD enrollment, but says nothing about how or when users are carried across.

So with what I currently know listed, let me explain what I'm trying to do. What I'd like to see is all of my ~150 or so users automatically created on the PGP server and keys generated. Is this unrealistic? Am I doomed to visit each user's desk?

The Universal Server does not 'pull' from AD all by itself. It needs someone to install PGP Desktop on a client machine; after rebooting, PGP Desktop will prompt the user to enroll, and the user uses their AD credentials. PGP Universal Server then talks to AD and asks 1) is the user in a group? 2) are the user's credentials correct?

Once the user is matched correctly, PGP Universal Server will add the user to the server and map them to whatever policy you have configured for the matching AD group.