File Share Encryption

  • 1.  Maximum wdeMaximumBypassRestarts issue

    Posted Mar 01, 2012 10:38 AM

    Hello PGP Community,

    I'm in the process of configuring our environment for ByPass Restarts for a small group of clients and have a few issues that hopefully someone can assist with.  Our server is currently on version 3.1.2 Build (36).  We have around 1800 PGP users and about 1400 WDE Computers.  

    1.  Per documentation from the PGP_WDE_Authenticated_Restart_Bypass.pdf, the range for allowed ByPass restarts is 1 - 4294967295.  On my XML Preferences for my "Test Bypass" Consumer Policy, I can't set the integer past 214000000.  I highly doubt that any of our clients will ever reach this number during the course of its life span.  I'm throwing this "issue" in as it could possibly hint at issue #2...

    2.  During testing, I was able to set my Consumer Policy's ByPass Restart to 50.  I was able to successfully enable ByPass Restarts on two clients to 50 as well.  After successfully setting the maximum integer to 214000000 on my Consumer Policy, I can still ONLY set the max number of restarts to 50 on the client.  

    Does anyone have any ideas on what could be causing the conflict even though I adjusted my ByPass Restarts integer from 50 - 214000000?  Thanks in advance.  



  • 2.  RE: Maximum wdeMaximumBypassRestarts issue

    Posted Mar 07, 2012 01:29 PM

    I am moving this thread to the PGP forums for better exposure.



  • 3.  RE: Maximum wdeMaximumBypassRestarts issue

    Posted Mar 08, 2012 10:25 AM

    Have you updated client policy after modifying customer policy?

    What happens when you set the max number of restarts to more than 50 on the client? What's the error? I guess you are using the pgpwde command line.

    Do you see a "wdeMaximumBypassRestarts" entry client side? PGPpolicy.xml? PGPprefs.xml?

    I have found this information:

    wdeMaximumBypassRestarts
    Integer
    Valid Values:1,999



  • 4.  RE: Maximum wdeMaximumBypassRestarts issue

    Posted Mar 08, 2012 11:48 AM

    Hi Julian thanks for the reply...

    - Yes I have updated client policy.

    - When I set the number greater than 50 I get the following error using pgpwde command line...

    C:\Program Files (x86)\PGP Corporation\PGP Desktop>pgpwde --add-bypass --disk 0 --count 51 --admin-authorization --interactive

     

    Enter Passphrase:
    Operation add bypass failed:
    Error code -12198: Not permitted by your Administrator
     
    - I can successfully add for the maximum of 50 bypasses...
    C:\Program Files (x86)\PGP Corporation\PGP Desktop>pgpwde --add-bypass --disk 0 --count 50 --admin-authorization --interactive
    Enter Passphrase:
    Request sent to Add bypass was successful
     
    - On the client side at C:\Users\username\AppData\Roaming\PGP Corporation\PGP
    I do NOT see "wdeMaximumBypassRestarts" in my pgppolicy.xml file.
    I DO see "wdeMaximumBypassRestarts" and its integer is currently set to 50 in my pgppref.xml file.
     
     
    -I verified that I only have bypass restarts enabled on my Bypass Consumer Policy in which the integer is set to...
    <key>wdeMaximumBypassRestarts</key>
        <integer>2140000000</integer>
     
    -If I manually modify my pgppref.xml file and set the integer to 1000 I get an error from command line stating...
    C:\Program Files (x86)\PGP Corporation\PGP Desktop>pgpwde --remove-bypass --interactive
    Operation [Unknown] failed:
    Error code -12450: administrative preferences file not found
     
    C:\Program Files (x86)\PGP Corporation\PGP Desktop>pgpwde --check-bypass --disk 0
    Operation [Unknown] failed:
    Error code -12450: administrative preferences file not found
     
    If I set the integer back to 50 it functions as it did before in which my max is 50. 
     
    -So it appears that my client is not updating the updated policy since the client has the max bypass integer set to 50.  Thanks for helping me verify this.  Can you please assist in digging deeper and troubleshooting why my client side policy is not being updated to that of my consumer policy on the server?  Thanks any assistance is greatly appreciated.
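
The client-side check described in this post (which file carries `wdeMaximumBypassRestarts`, and whether its value matches the consumer policy) can be scripted. The following is an added example, not part of the original post and not PGP's own tooling; the `<dict>` wrapper and the sample file contents are assumptions built around the `<key>`/`<integer>` fragment quoted above.

```python
import xml.etree.ElementTree as ET

KEY = "wdeMaximumBypassRestarts"
DOC_RANGE = (1, 4294967295)  # range the thread quotes from the bypass PDF

# Constructed samples; the <dict> wrapper and the other keys are assumptions.
SAMPLE_POLICY = "<dict><key>examplePolicyKey</key><integer>1</integer></dict>"
SAMPLE_PREFS = ("<dict><key>examplePrefKey</key><integer>0</integer>"
                "<key>wdeMaximumBypassRestarts</key><integer>50</integer></dict>")

def read_integer_pref(xml_text, key=KEY):
    """Return the <integer> that directly follows <key>key</key>, else None."""
    root = ET.fromstring(xml_text)
    for parent in root.iter():
        children = list(parent)
        for entry, value in zip(children, children[1:]):
            if entry.tag == "key" and (entry.text or "").strip() == key:
                if value.tag != "integer":
                    raise ValueError(f"{key} is followed by <{value.tag}>, not <integer>")
                return int((value.text or "").strip())
    return None

def audit(client_files, expected):
    """Compare each client file's value with the consumer-policy value."""
    report = {}
    for name, xml_text in client_files.items():
        value = read_integer_pref(xml_text)
        if value is None:
            report[name] = (None, "key not present")
        elif not DOC_RANGE[0] <= value <= DOC_RANGE[1]:
            report[name] = (value, "outside documented range")
        elif value != expected:
            report[name] = (value, "differs from consumer policy")
        else:
            report[name] = (value, "matches consumer policy")
    return report

if __name__ == "__main__":
    files = {"pgppolicy.xml": SAMPLE_POLICY, "pgppref.xml": SAMPLE_PREFS}
    for name, (value, status) in audit(files, expected=2140000000).items():
        print(f"{name}: {value} ({status})")
```

Run against copies of the real client files, a "differs from consumer policy" result reproduces the mismatch reported here without touching the live preferences.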


  • 5.  RE: Maximum wdeMaximumBypassRestarts issue

    Posted Mar 08, 2012 01:23 PM

    I don't think you are having policy update problems; you can check that in the desktop logs anyway (Tools, View Log, immediately after updating policy).

    I do think there is a data mismatch between consumer and client policy, maybe a problem with the var type or something. Perhaps we have discovered a bug...

    What if you set wdeMaximumBypassRestarts to a small number, like 1000?
    Update policy on the client and check.


    Suppose this does not work... what if you re-enroll the user?

    • Close PGP services and app, delete %appdata%\pgp corporation.
    • Enroll the user and check the value of wdeMaximumBypassRestarts in prefs.xml


  • 6.  RE: Maximum wdeMaximumBypassRestarts issue

    Posted Mar 08, 2012 05:10 PM

    So setting the integer to 1000 and updating the client policy did not change my PGPprefs.xml file nor did it allow me to set past 50.  

    I exited PGP services, renamed the existing pgp corporation folder and restarted services.  After enrollment I checked the prefs.xml file from the newly created pgp corporation folder and my WdeMaximumBypassRestarts is still set to 50.

    ...OK I think I'm getting closer

    I have 9 groups set up in which all 9 are associated with its own consumer policy.  I had my ByPass Group set to Priority 2 and my Admin group set to priority 1.  I'm a member of both groups.  I changed the priority order so that my ByPass Group is now priority 1.  When I update policy, my pref file now reflects the maximum number change.

    On my Admin group, I do not have WdeMaximumBypassRestarts configured.  I switched the priority order again to test but it's still changing to 50 on my pref file.  In consumer policy I even set the pref name: wdeMaximumBypassRestarts to delete just to be certain but when I switch the priority back so that my Admin group is 1, my pgppref.xml file still updates to 50.

    I switched the priority back so that my ByPass group is now 1.  Update policy and my pref file shows the changes.

    When I go to my command line to set the bypass I am now again getting "Error code -12198: Not permitted by your Administrator" but this time no matter what I set my bypass number to.

     

     



  • 7.  RE: Maximum wdeMaximumBypassRestarts issue

    Posted Mar 23, 2012 04:03 PM

    There is a known issue that was fixed in 10.2/3.2 MP4:

    Max bypass count allowed is 50

    MP4 is build 2526 (for your reference).