Update: In 2014 McAfee renamed Endpoint Encryption for PC (EEPC) to McAfee Drive Encryption (MDE). These instructions are valid for both versions.



Full disk encryption fundamentally changes the way that IT organizations manage their systems. Resolving these challenges, and making the administrator's life easier is a big focus for the  McAfee Endpoint Encryption for PC team. Today we have released a new utility that makes it much easier for organizations to upgrade and re-image their encrypted systems. As IT organizations move away from Windows XP and focus on upgrading their endpoints to Windows 7, this utility will be incredibly valuable. The best part is that we are providing this utility at no cost.


We are calling this the RefreshTool. The actual executable name is SbWinUpgrade, and those who participated in the beta may know it as that - but we'd like to refer to it as the RefreshTool going forward. The reason is that the tool does more than allow you to upgrade. It also let's you re-image systems (going from Win7 to Win7, for example). This will be useful for all those organizations that are moving to a user self-service re-imaging support model. The utility also allows you to install service packs on systems, something that was previously unsupported.


The tool is very small and very simple. It is a command line utility and can be called from any script or program, but our documentation shows how to implement the utility with the standard Microsoft applications (Microsoft Deployment Toolkit, User State Migration Tool, etc). The tool is necessary because OS refresh, re-image, and service pack installation activities change data on the hard disk in a way that would break EEPC. A simple example is the fact that the master boot record gets modified by an OS refresh; any modification of the MBR will break EEPC. The idea of this utility is that it allows you to modify EEPC so that the refresh operations do not break it. This is a precise dance in which the moves of each partner must be carefully coordinated. The documentation explains exactly when an how to execute each command. If you follow this carefully, you will have a stable and repeatable process for refreshing the operating system on your endpoints without having to decrypt and re-encrypt them.


Get the utility and documentation here