Video Screencast Help

PGP and "Access this computer from the network"

Created: 16 Jan 2012

Experiencing this issue.  Wondered if anyone could provide anything meaningful.  Working with support has turned up nothing.  

Users that do not have the right “Access this computer from the network” are not able to install the SSO component during enrollment (fails to authenticate the user) …

…or update their PGP passphrase for WDE when the password is reset on a domain controller. The password will only update if an admin enforces “user must change password at next logon” and completes the task on the system with PGP wde/sso installed/enrolled.  Alternatively, allowing the user right “Access this computer from the network” will allow the password update to occur after a logon/off.

Another symptom is when creating the new passphrase user on the encrypted disk, Windows Account Logon wizard, errors “Logon failure: the user has not been granted the requested logon type at this computer. Do you still want to create this user?”

We think that something about the PGP software’s hook in GINA requires the user right “Access this computer from the network.”  Hopefully this has come up with other organizations that have tried to secure machines with this gpo setting?  (otherwise, users are able to access the administrative shares of each other’s computers)  We need a workaround so that we do not have to grant elevated privileges to these users.