Endpoint Encryption

  • 1.  SEE 7.0.5 GPO not working

    Posted Jun 23, 2010 10:27 AM
    I have set up SEE 7.0.5 from scratch and deployed a few clients and found that changes to the GPO are not changing the SEE client settings. I have added disk admin accounts and changed the option to allow users to decrypt with FDE, but the client does not reflect the change. I have checked the RSOP and verified that the client computer (Windows 7) applied the policy. What could cause this disconnect?


  • 2.  RE: SEE 7.0.5 GPO not working

    Posted Jun 23, 2010 10:43 AM

    Hi Tim,

    It might just be down to 7.0.5 not being fully supported on Windows 7 - are you able to try it on an XP machine to confirm?

    Otherwise, check the Windows event log for anything from the 'Symantec' source (you can follow the audit trail and it will say if it received a configuration change or not).

    Finally, how are you testing the admin accounts to come to the conclusion that it isn't working?

    Cheers
    David



  • 3.  RE: SEE 7.0.5 GPO not working

    Posted Jun 23, 2010 12:24 PM

    Thanks for the quick response! I am testing the disk admin by both trying to log into the admin client and by trying to uninstall the RS portion. Neither is working. I have just tested on an XP box and have found that the problem is not limited to my Win7 machines. The only events in the log from Symantec are the Event ID 4s indicating that an admin client login attempt has failed.



  • 4.  RE: SEE 7.0.5 GPO not working

    Posted Jun 23, 2010 12:30 PM
    Hmm ok, sounds like it's not actually receiving the GPO updates. How are you actually setting them, through manually editing the GPO using standard Windows tools (administrative templates) or using the SEE admin console GPO components (that look like this):



    If not the latter, give it a try. Failing that, run gpupdate a couple of times just to make sure, or maybe set another policy other than the local admins.


  • 5.  RE: SEE 7.0.5 GPO not working

    Posted Jun 23, 2010 12:39 PM
    I am checking and configuring in the snap-in in the SEEM console. I have used the RSOP tool to verify that the policy is being applied to the computer. I have run gpupdate /force on the PCs in question (both 7 and XP) several times as well as rebooted the system a few times over the past few days. I have also created a new policy and applied it to its own OU and placed machines there and get the same result.


  • 6.  RE: SEE 7.0.5 GPO not working

    Posted Jun 23, 2010 02:30 PM
    I have checked in the registry under HKLM\SOFTWARE\POLICIES\ENCRYPTION ANYWHERE\FRAMEWORK\CLIENTAMDMINS and have verified that changes to the client admin accounts are being written into the registry, so I know the policy is being applied, but the new account I added is still not able to remove products or log into the admin client.