We are building a pair of laptops that will remain completely disconnected from the EEM Server. Their only network connectivity will be outside of our perimeter with no way to contact the management server. No firewall rules, no VPNs for these guys.
The plan was to create a group in the EEM and build an offline installation set for that group with the client files and users for those machines.
The goal is to keep these laptops encrypted and maintain a way to recover the data should the encryption software make the OS inaccessible.
How would we go about this? Do we need to allow the machines to connect once to enable pre-boot protection? Do we need to move the sdb file to the machines?
Thanks in advance for any help.
if you can allow the machines to connect once, then you can use the normal online mode of operation. If they never connect though, you can use the offline install mode, then bring the .sdb file back to the EEM via some other method - this is explained in the EEPC admin guide I believe.
You won't ever be able to change the policy of those machines though, well, not without connecting them anyway.