File Share Encryption

  • 1.  TPM vs standard passphrase authentication issue

    Posted Jan 12, 2012 04:23 PM

    I would like to find out the root cause of an issue we had after upgrading the Universal Server from 3.0.2 to 3.2mp3.

    The issue that I have is that under my consumer policy for whole disk encryption, the require authentication was set to TPM after the upgrade. It was originally set to 'standard passphrase authentication'. Normally our end user will use their Windows login password to SSO to the computer.

    After the clients (10.0.3) successfully synchronized with the server (3.2mp3), we noticed the user could no longer log into PGP using their password. We were able to connect to the computer using WDRT or the administrator password.

    Once in, we were able to log in as the end user in the Windows profile and did an update/synchronization of the policy. When we did that, we noticed that the passphrase authenticated account for the end user had been deleted.

    What we did to resolve the issue and allow the user to use his Windows password to log in at the bootguard prompt was to manually add the user in. Below are the steps we took to manually add users back.

     

    My question is: If we go into the Universal Server and change the policy back to 'standard passphrase authentication', will this solve the issue of PGP deleting the user's account on the PGP Desktop?

    If it does, then great. If it doesn't, what can I do to stop the accounts from being deleted?

    Also, I have manually updated the PGP policy from a laptop many times but it doesn't seem to be getting the updated information. I noticed this because we changed and updated the "additional text information" but when I restart the computer, it still has the old text.

     

    If the user is unable to log in to PGP, please perform the steps below:

    1.       Log in to the laptop using the administrator password or WDRT

    2.       Ask the user to log in to their Windows profile

    3.       Right-click the PGP Desktop icon in the bottom right corner (background task icon)

    4.       Select policy update.

    5.       If the policy update process is stuck, kill the PGPdesk.exe and PGPtray.exe processes

    6.       Start the PGPserv services

    7.       Go to Program → PGP → PGP Desktop to start the PGP Desktop

    8.       After the PGP Desktop has started, double-click on the PGP Desktop

    9.       Click on Encrypt Whole Disk under PGP Disk to confirm the laptop owner username is under User Access

    10.   If his/her username does not exist, you need to add it in.

     

    Steps to add user in PGP Desktop.

    1.       Click on New Passphrase User

    2.       Select Use Window password

    3.       Select Proceed with passphrase authentication only

    4.       Ask the user to log in with the domain password

    5.       Use “passphrase unlock password” to unlock the disk and the username will be added

    6.       After the name is added, select the username and click on Add Security Questions

    7.       In Enter passphrase for your disk, Login with user domain login password

    8.       Answer all questions with “xxxxxxxxxx”



  • 2.  RE: TPM vs standard passphrase authentication issue

    Posted Jan 13, 2012 11:41 AM

    I suggest updating to PGP Desktop 10.2 MP3, the latest version. This is compatible with your server version 3.2 MP3.

    You can check the desktop and server logs for debugging if you want to know the exact problem.



  • 3.  RE: TPM vs standard passphrase authentication issue

    Posted Jan 16, 2012 05:01 PM

    Upgraded my client to 10.2 MP3 and still not able to do the following:

     

    Also, I have manually updated the PGP policy from a laptop many times but it doesn't seem to be getting the updated information. I noticed this because we changed and updated the "additional text information" but when I restart the computer, it still has the old text.