cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
kblowe
Level 10
Report Inappropriate Content
Message 1 of 5

MDE export keys in bulk

Hello,

How can I export the MDE machine keys in bulk?

I joined the EZ Exchange group last year and I am glad I did. I tried the EZ Exporter tool but i'm receiving SSL/TLS related errors or unhandled exceptions errors with or without TLS 1.0 enabled. My .Net versions are enabled. The keys are never exported due to an error. Is there any other option to export the keys in bulk?

Also I downloaded the MDE Scripting guide, but its only talks about exporting a key(s) for a system, not multiple systems.

Any suggestions. Thanks.

4 Replies
JaganA
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: MDE export keys in bulk

@kblowe Thanks for posting here

Due to a security reason its not possible to export the recovery keys in bulk.

The same is recorded in Audit log with who and for which machine was it generated.

JaganA
McAfee Employee

Was my reply helpful?
If yes, click "Accept as Solution" in my reply and together we can help other members?
kblowe
Level 10
Report Inappropriate Content
Message 3 of 5

Re: MDE export keys in bulk

Exporting bulk keys is possible and has been done in the past. Security precautions are taken into consideration. But for an instance of an ePO server is down for a few days and there is a need to decrypt a system. Are there any steps or tool available to decrypt that system? You would need the backup of key. Unless there are steps or a tool where you don't need the exported key.

JaganA
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: MDE export keys in bulk

@kblowe In such case, the best way to get recovery key is, import ePO DB into test ePO and export the key from test ePO console.

Bulk export is allowed only in unavoidable situations. Again, this has to be done with the help of engineering team and it is out of support scope.

However, I would say, open a SR with support and ask for the same to get help from engineering.

JaganA
McAfee Employee

Was my reply helpful?
If yes, click "Accept as Solution" in my reply and together we can help other members?
kblowe
Level 10
Report Inappropriate Content
Message 5 of 5

Re: MDE export keys in bulk

To import one epo DB into another ePO to export bulk keys, one ePO would need to be online. In my case both my production ePO server and my test ePO server will be offline at the same time. I need to be able to export bulk keys prior to the ePO server going offline for 3-5 days. I need to be able to decrypt a system if required. Appears I will need to open a SR for this for some advanced guidance.

There are new enhancements in MDE 7.3. Maybe this is useful for my scenario.... thoughts.

  • DETech tool  Drive Encryption 7.3.0 now installs DETech (UEFI only) to the EFI system partition along with a separate boot menu entry. This allows remote users to boot directly to DETech and, on successful challenge code and response code administrator recovery, user can perform a subset of recovery tasks without the need of removable media.
     
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community