Endpoint Encryption

10.3 version of Symantec Endpoint Encryption (PGP). It says "Enterprise Enrollment Failed." I noticed that the section above username and password says "domain" specifically : "Please enter your domain authentication credentials." Is there no way to enroll local users on a Mac?

Our goal is to encrypt macbooks with the unmanaged version of Symantec Endpoint Encryption (PGP).

Enrollment is for connecting the software to a central management server.  If you want unmanaged you dont want them being connected to the Universal Server

For the Windows version, I had to confirm the login credentials for the enrolled user aka the user that would be able to log in at preboot. Then I was able to setup the local recovery questions for that user as well. I'm just trying to do the same. I pulled the same client with the same policies off the server that I used for our Windows laptop but it is just the OSX version.

I cannot get past this enrollment screen since it will only accept an AD user's credentials. How can I install an unmanaged client?

The windows version you pulled from the server sounds like its managed.  If you want an unmanaged OSX client you need to just install the software, don't get it from the server.  Pull the software directly from Fileconnect, you can download the stand-alone client there.  All clients pull from the Universal Server will be managed, so its a lot easier to just pull the client from Fileconnect.

But then how can I customize the install? I have a preset policy selected when I pull the client from the server. And the windows version is unmanaged. When you check the "embed policy and license information to force disconnected client" box it states that these clients will NEVER contact the Symantec Encryption Server.

Hi Bruno,

You can use the client package from the server with embedded policy.  What this does is contact the server one time upon enrollment and then the client will never contact the server. 

The next step would be to change the PGP stamp to PGP Default Stamp.  This will make your client stand-alone with the policy that you set on the server when you downloaded the client package with preset policy.

Some companies do this if there client never checks in with the domain or the office.  Usually they'll put the WDE Admin enabled on the policy so if the user is locked out of their computer then they would have to bring there computer back to the company for the Admin to unlock.

If you just want a complete stand alone with no embedded policy then download the file from file connect.  The file is called SymantecEncryptionDesktop10.3.1_MacOSX.tar.gz

Thanks

Anthony

Thanks for the response, Anthony!

The problem I'm having when pulling the client from the server is that the Mac version grays out the "Embed policy and license information to force disconnected clients" box.

I think since it cannot embed the policy I want that it's unable to be configured as an unmanaged client. Thoughts?

I did a little more research and Windows is the only platform that supports embedded policy.

The best option is to download the stand alone file from fileconnect.

https://symantec.flexnetoperations.com/control/symc/registeranonymouslicensetoken

Thanks

Anthony

Ah well that would do it.

Is there a way to set the Disk Administrator Passphrase with this standalone version?

The stand alone doesn't have that option.  You could set more than one passphrase user.  If a user is locked out than the other passphrase user could unlock the disk. 

What about "enrolling" a local user? I'm still being prompted to enroll an domain user. Ours macs are not added to the domain and have two local users.

If you're using a client installer from the PGP server than your Mac needs to be added to the Domain in order to not have the Enrollment error.  PGP uses Ldap Sync to verify the user from Active Directory.

If you want it un-managed then you must download the stand-alone version for the software.

I thought I was now using the stand-alone version (SymantecEncryptionWeb3.3.0MP1Full\SymantecEncryptionWeb3.3.0Full_Inner\Encryption Desktop\Mac OS X Installer\EncryptionDesktop10.3.0.tar.gz). Could you provide me with a direct link or steps to navigate to the download so that I may verify?

Here is the link to fileconnect:

https://symantec.flexnetoperations.com/control/symc/registeranonymouslicensetoken

If your account doesn't show the latest version for the Mac then you'll have to call Customer Care.

Link to Customer care:

http://www.symantec.com/support/assistance_care.jsp

Thanks

Anthony