We are preparing to deploy PGP Desktop in our environment. The first phase will be WDE on Windows laptop computers. Testing has gone fairly well for us until we started testing on laptops that are not on the domain and using local accounts to log into them. The desktop client is version 10.2.0 MP3.
I can’t seem to get the BootGuard passphrase to sync when I change the Windows password (CTRL+ALT+DEL) for a local Windows user account.
Details:
Installation package exported from US, with auto policy detection. Installed PGP Desktop by double clicking the .msi file on the laptop.
After installing PGP and rebooting I login with my local Windows user account (Administrator). I get the PGP Enrollment screen, authenticate with my AD credentials and then answer the LSR questions. The disk starts encrypting via the policy set on the Universal Server.
Wait for disk to encrypt.
When I reboot the computer I try to login at the BootGuard screen and fail to authenticate with the local user/password. I found that I have to use my AD passphrase with the local user account, SSO fails and then I can login with my local user credentials at Windows. I tried to change my Windows local user password via CTRL+ALT+DEL thinking this would re-sync the passwords. The BootGuard passphrase does not update to the new password. I still use my AD passphrase with the local user name. I dont want to deploy and encrypt as the actual user of the laptop if they will be forced to use the current AD password with a local user account for BootGuard.
I also added a second local user/password to Windows, added to local Administrators group, added as a passphrase user in PGP Desktop GUI.
Restart computer, login as ‘second’ local user account, enroll in PGP using my AD credentials. Restart, use local name/pass to login at BootGuard and SSO works and loads Windows. I change the password in Windows via CTRL+ALT+DEL, restart the computer and have to use the previous passphrase on the BootGuard screen. Passphrase did not update for BootGuard.
I found this article: http://www.symantec.com/business/support/index?page=content&id=TECH149470&actp=search&viewlocale=en_US&searchid=1348505658073
· PGPWDE01 file permission – Unable to check, access to permissions denied
· PGP Network Provider Order Connection – Tried moving PGPpwflt to top of the order
· Group Policy for Windows Logon Setting – Enabled Always wait for the network
· Interactive Logon: Do Not require CTRL+ALT+DEL – Have tried both ways
· Intel PROSet Wireless – Not installed
· USB Disk or SD card – none attached/inserted