Video Screencast Help

PGP desktop policy not being applied

Created: 06 Feb 2013 • Updated: 06 Feb 2013 | 2 comments

I'm having problems with certain policy features not being applied to policy users correctly. When I make a policy change in the "file share" \ "prevent the encryption of files in the following folders" options, that directory\folder I type in is never applied/created on the end-users side. I did verify the users are definitely using the effective policy group that I'm making the change in. Yet, if I turn on PGP shredder and update the policy on the end-users side, the PGP shredder icon appears on the desktop and vice versa, so I know things are working

Can anyone tell me why the force encrypt and force no encryption options are not working for me anymore? I’m running 10.3.0 (Build 8741)

Comments 2 CommentsJump to latest comment

PGP_Ben's picture

I would check your update log to see if there is any errors. I would also check the System --> Updates tab on your Symantec Encryption Server to make sure there is no errors reported there as part of the upgrade. Sometimes the consumer policy can get corrupted upon upgrade if it was customized in the past. My recommendation, if those prior suggestions don't indicate anything, is to revert the policy to factory defaults. Make sure that you clone the policy first so that you have a backup to reference since it will revert all your settings back to default under that policy.

Give that a try, and then update policy on a few Desktop clients to see if that helps. My suggestion (safest method) is usually to create a test policy cloned from the Default one. Revert that one to Factory Defaults and reconfigure the policy for the options that you need. Then move a select group of consumers over to that new policy for testing. If all works well, you can move the Everyone group over to have their effective policy be that new policy instead.

I hope that helps. Send me a message on the forum here by clicking on my name if you have any other questions.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

3L3M3NT's picture

Well it turns out that I have to manually create the folder on the local drive and then the policy works. So under the "prevent the encryption of files in the following folders" I added C:\NoEncryption. This is a folder some user want to use to put a encrypted file into that they need to email to someone without PGP. Well, the folder is never created automatically.. if I have the user create that folder and move any encrypted file to that folder it is decrypted. Not sure why this folder is not created automatically anymore. Nothing in the logs indicates any errors/problems regarding this. I also created a fresh new policy and had the same problem.

I do remember this working when I testing this months ago.. maybe some bug with this new 10.3.0 version. Have no idea.

Thanks for the help anyway PGP_ben.