WDRT and Disk Admin Passphrase don't unlock WDE clients on 10.3 MP1
The user guide describes the use of the disk-admin pw and WDRT as follows:
"Lock passphrase user accounts after 3 failed login attempts: Type in how many
failed login attempts can occur before the encrypted disk is locked. You cannot
lock out a user before three failed attempts.
If the disk is locked, all passphrase users lose access. All accounts on the disk are
locked. Users cannot log in again without using a WDRT or other token. An
administrator with a PGP Whole Disk Encryption administrator key can also
unlock the account. If one user logs in with a WDRT or other token, the disk
unlocks and all passphrase users can log in again. Without a WDRT or other token,
the disk is permanently locked."
In our case we have domain clients and non-domain clients with a managed Universal Server; Universal is on 3.3.0MP1 and the clients are on 10.3_MP1, all Windows 7.
We manually entered the wrong password 3 times; the notebook locks everything, and we can authenticate when using the DiskAdminPW or the WDRT of the user. Both are working, but unfortunately the PreBoot doesn't get "unlocked" as described in the user guide. The next boot still shows "locked", so the user can't log in properly.
Sounds like a bug, because I don't know of any setting in the consumer policy to prevent "unlocking" preboot upon using WDRT or DiskAdminPW.
I remember an old case where PGP Desktop didn't sync the user's changed password with the SSO logon of preboot, but this was fixed.
Another idea would be to switch from SSO back to a normal preboot user + additional domain user logon, but we want to use SSO for ease of use.