
PGP WDE new user is enrolled but not added to WDE & cannot log in on bootguard.

Created: 15 Mar 2013 • Updated: 19 Mar 2013 | 13 comments
This issue has been solved. See solution.

When a new user logs in using LAN PW, the user is enrolled but not added to WDE & cannot log in on bootguard.

The new user appears in the Authorized Users list in the Universal Server but not in the WDE users list locally.

Is it possible that when a new user logs in, the user can get added to the WDE list on the machine automatically?

Can a new user be added to WDE on a machine from the Universal Server?

As of now a new user needs to be added manually by an existing WDE user or WDE admin.


Alex_CST's picture

When a user logs on to a machine with PGP Desktop they should be presented with the Enrollment wizard. From there they will be able to be automatically added as users to that local machine.

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

Mehmood's picture

Dear Alex,

New users are presented with the enrollment wizard. The users are added as authorized users in the server, their PGP folders in Documents are created locally as normal, keys are assigned & users are able to encrypt files etc.

However the new users aren't added to WDE. If the machine is rebooted PGP bootguard will accept the PW of the user who is already part of the WDE list.

The only user who is added to WDE is the one who was enrolled prior to WDE encryption.

The solution / workaround for this is to add the new user manually to the WDE users list. At this point the user who is already part of the WDE list will be required to enter his/her PW.

So my questions still remain unanswered.

 

sven_frank's picture

Also please check that

autoAddWDEUsers

is set to true in the policy; if this is set to false the wizard will skip this part.

(Simply check the client prefs.xml, or use the Advanced Pref Editor.)

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

SOLUTION
Mehmood's picture

Hi Steve,

I couldn't find autoAddWDEUsers in Edit XML Preferences in the General Tab in Policy.

Please advise how to configure autoAddWDEUsers.

sven_frank's picture

Hi Mehmood,

You will find it under:

OMC ==> Consumer ==> Consumer Policy ==> "Your Policy" ==> General ==> Edit XML Preferences
 

Beware, you can break things with this editor, so be careful not to add any extra characters.

Also, even though it is for version 2.x, this is still mostly valid:

http://www.symantec.com/business/support/index?page=content&id=TECH149767

But how you do it: go to the editor and add it (be aware the policy is case sensitive!)

After you hit save it should look like this:

 


Mehmood's picture

Thank you Steve. The solution appears very close.

Pref Name: autoAddWDEUsers Type: Boolean Value: True

My server is PGP Universal Server 3.2.1. I believe I need to select PGP Desktop Client, don't I?

sven_frank's picture

Yes, when you are on a version prior to 3.3 it will be "PGP Desktop Client"; that is correct.

Mehmood's picture

Dear Steve,

Did that but doesn't work.

I deleted the .xml files in the user's roaming profile, logged off the user, logged in, enrolled but WDE user list is still blank.

Does this work if SSO is enabled?

Or does it work when the disk is encrypted?

sven_frank's picture

Hi Mehmood,

It should work with SSO turned on.

It usually works best when you have "Silent Enrollment" turned on or even utilize "Super Silent Enrollment".

Also you should have AutoEncrypt activated for WDE; this should make this work together.

Deleting the pref is actually necessary since this only kicks in when the client enrolls.

sven_frank's picture

1. Dir Sync (Enroll clients using Dir Sync  = on)

2. Turn on Silent Enrollment (requires Dir Sync as above)

3. That is my WDE config (your names might be a little different since I'm already on a newer version):

Mehmood's picture

Let me check my understanding:

  1. autoAddWDEUsers
  2. Super Silent Enrollment
  3. AutoEncrypt

After the above 3 steps the user who logs in first gets added to the WDE list & encryption begins, and thereafter any user who logs in is added automatically to the WDE list.

True? If yes which one of your posts do I mark as solution? :)

 

sven_frank's picture

Hi Mehmood,

Yes, this is correct; that should work exactly as you describe it.

Be aware you don't need "Super Silent Enrollment".

Silent Enrollment is usually sufficient, even though the "Super" version is even easier for the user.

Regarding the solution, tick the one you liked most ;-)

But "AutoAddWDEUsers" is the most important part.