Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

PGP deployment of updated client from server does not allow required msi switches

Created: 13 Apr 2011 | 4 comments
dramon's picture
0 Agree
2 Disagree
-2 2 Votes
Login to vote

in order to use single sign on and have the password sync, you are required to deploy PGP with a specific .msi switch, see https://pgp.custhelp.com/app/answers/detail/a_id/928. However, there is no way to do this if you deploy updated pgp clients from the pgp server itself. This requires you to have a seperate deployment mechanism.  It is surprising the pgp made this a requirement since they do provide a way to update clients from the server. The issue above pretty much eliminates it usefulness.

Another solution would be to have the issue address in article https://pgp.custhelp.com/app/answers/detail/a_id/928 fixed without an .msi switch.

Comments 4 CommentsJump to latest comment

Sarah Mays's picture

SSO works for us without the MSI switch, we're using PGP desktop 10.1.1.

0
Login to vote
SWendland's picture

If I'm reading this correctly, dramon's having a problem with his clients getting a policy when using the updated installer Desktop downloads from the server, the one downloaded when a user clicks "Yes" to the new version notification prompt.  The odd thing is the policy doesn't come from the installer; it comes from the server based on the group (presuming 3.x).

I have to be honest - we've been using Universal Server since 2.9x and I've never seen this. Even if a user doesn't get caught and grouped by one of the LDAP rules, it would fall into the Default group and pick up its policy.

I'd need more information to be able to see this as feature request. Without it, this definitely seems more like a techincal issue with his server, or possibly just a misconfiguration of his policies or groups.

0
Login to vote
dramon's picture

Just to clarify, we have some cases where the single sign in does not work because of the order of the network providers, this  is clearly documented in http://www.symantec.com/business/support/index?page=content&id=TECH149470&actp=search&viewlocale=en_US&searchid=1309543383950

 

Which i now see has an update for using a reg key instead of a .msi switch at install time, this is certainly a better option

PGP Network Provider Connection
 
In some cases, other third party Network provider connections may interfere with the SSO feature of PGP WDE. Try moving the PGP Network Provider connection above other third-party connections in the Network Provider Order. Use the steps below for your operating system.
 
Windows XP
1.     Right-click My Network Places and select Properties. or click Start>Control Panel and then double-click Network Connections.
2.     Click the Advanced menu and then select Advanced Settings.
3.     Click the Provider Order tab.
4.     Under Network Providers, select the PGPpwflt entry, and click the Up arrow to move the PGP connection above any other third-party connections in the list.
5.     Click OK to apply the changes.
 
Windows Vista & Windows 7
1.     Click Start>Network.
2.     Select Network and Sharing Center.
3.     From the Tasks panel, click Manage network connections.
4.     Highlight your Local Area Connection.
5.     Click Advanced>Advanced Settings.
 Note: If the Advanced menu is not displayed, press ALT and the Advanced menu bar appears. Windows Vista may prompt you for your permission to continue.
6.     Select the Provider Order tab.
7.     Click the entry PGPpwflt.
8.     Click the up arrow to move PGP above any other third-party connections.
9.     Click OK to apply the settings.

 

Note:  The Provider Order can also be updated on multiple computers by creating a script which updates a PGP Windows Registry value. To use a script to update the value, modify the PGP_SET_HWORDER value from 0 to 1. The PGP_SET_HWORDER value is located in HKEY_LOCAL_MACHINE\SOFTWARE\PGP Corporation\PGP folder (32-bit systems) and HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PGP Corporation\PGP folder (64-bit systems).
0
Login to vote
PGP_Ben's picture

My understanding is that these PGP_INSTALL options and PGP_SET_HWORDER option are all stored in the registry. This is persistent upon upgrades. so the same settings should still take affect on the upraded client that is installed, whether the MSI switches are included again or not.

It sounds like this feature is not working for your for some reason?

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

0
Login to vote