![]() (PGP Setting) Register Encryption Desktop as Trusted ![]() Set the Group Policy Prevent users from adding PSTs to Outlook profiles and/or prevent using Sharing-Exclusive PSTs to Enabled or Only Sharing-Exclusive PSTs can be added.Set the Group Policy Prevent users from adding new content to existing PST files to Not Configured or Disabled.This will prevent users adding new PST files to their Outlook profile but allow existing PST files to be used: Item 4 of 5 - (Outlook setting) Allow content to be added only to existing PSTs Work with your security team to ensure you can allow these policies in order for the PGP Desktop client to decrypt emails properly. Important Note: You may be able to change these values in the registry if you are a local administrator on the machine, however, if you have GPO that enforces these settings, they will revert back to the original settings. In environments where GPO may block this, you may need to get an exception to allow these PST policies. The simplest solution is to leave both these Windows Group Policies at their default values. Item 3 of 5 - Do not change Windows Group Policies If this is enabled, automatic decryption may not be possible. Recommendation: Set the " pstdisablegrow" value to " 0" to disable this functionality. Location: HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\16.0\outlook\pst.This policy is set to Not Configured by default. Prevent users from adding new content to existing PST files Recommendation: Set the "disablepst" value to "0" to disable this functionality. Location: HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\16.0\outlook.Note that the Office version number will change according to the version of Office you are using: Only Sharing-Exclusive PSTs can be added.Item 1 of 5 - Prevent users from adding PSTs to Outlook profiles and/or prevent using Sharing-Exclusive PSTs If the following Windows Group Policies are changed from the defaults, PGP Desktop cannot create and/or use the PST file that it needs. Section 3 of 5: Applicable Outlook Security Policies ![]() If none of the above links have allowed PGP to decrypt, and you are sure no other security policies or applications are at play, proceed to the next steps: For more information on this, see the following article:ġ80267 - HOW TO: Encrypt/Decrypt Text Using the Current Window feature with Symantec Encryption Desktop (PGP Desktop) for Windows If the email is not working automatically, you can use the Clipboard or Current Window features to decrypt manually to validate if the message decrypted. Section 2 of 5: Ensure you have the private key to decryptĪlso make sure that the keypair is available to decrypt to which the message was encrypted to. Symantec always recommends adding exclusions to your security applications to ensure our software and drivers will be able to launch properly.įor information on which binaries to add, see the following article:Ģ00696 - Symantec Encryption Services - Add Symantec Encryption programs to safe list or exclusions in security software Section 1 of 5: Security Exclusions for PGP Desktop The following sections will provide information on how to get decryption operations to work, which include making changes to Outlook policies as well as PGP policies. This article will offer troubleshooting steps to help resolve this issue. In some cases, when you click on a message, the PGP Tray notification states that the item is Not secured by sender - it is treated as an unencrypted message. You may or may not receive an error message when you click on an encrypted message for decryption. pgp extension and for the message, you will simply see a block of ciphertext, such as the following example. One of the symptoms that happen when the PGP message is not decrypted in Outlook is you will end up with attachments instead of being able to see the body of the message.įor Emails encrypted with PGP/MIME encoding, you will have two attachments:įor Emails encrypted with PGP-EML encoding, you will have one attachment:įor emails encrypted with PGP Partitioned, the encrypted attachment will have a. If messages are coming in encrypted, but the PGP Desktop client will not automatically encrypt, there could be security policies that are in place that may be preventing this. On the other side of this, decryption is possible and when an incoming message arrives, PGP can decrypt this as well. When a user sends a message, PGP Desktop can automatically find a key, and if available, will encrypt to it. Symantec Encryption Desktop (PGP Desktop) has the ability to automatically encrypt and decrypt emails without having to go through a lot of steps.
0 Comments
Leave a Reply. |