cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
RDMAN
Level 8
Report Inappropriate Content
Message 1 of 2

XML retention time in database

Jump to solution

If a system with drive encryption is deleted from the system tree, how long am I able to recover by

1. Admin recovery

2. Remove DE via DETech and Export recovery information based on Disk Keycheck

 

Thanks,

Ron

1 Solution

Accepted Solutions
cross
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: XML retention time in database

Jump to solution

MDE recovery is designed to be retained, for the most part, indefinitely.  The exceptions to this would be if the database is lost\destroyed\corrupted (should be very rare), if someone were to choose the option to destroy the recovery information from within the ePO server UI, or if someone manually altered the database to remove it (very much unsupported).  Of course, having database backups can help prevent unintended consequences from those situations.   As a side note, there are legitimate reasons to use the option to destroy recovery information for a system but those should be fairly rare in most cases and I highly advise that you be absolutely certain that they system will never need recovery before that is ever considered.

The recovery data is associated in two ways.  One is to the machine object in the system tree, the other is to the keycheck value.  When you delete an object from the system tree, the association of that key data to that object is lost since the object no longer exists but the association to the keycheck value is retained.  In a recovery scenario, as long as you are able to obtain the keycheck value from the disk to be recovered, and assuming that none of the exception situations noted above occurred, you should still be able to obtain the recovery data.  

One thing to note though, if a system is in need of recovery, depending upon what the issue is and what caused that issue, it is possible that the cause of the issue could hinder or totally prevent the availability of the keycheck value.  In such a case, you would still technically have the recovery data but it would be a "guessing game" as to which data applied to that system and in most cases, not feasible for recovery.   As such, it is advisable to ensure that systems are only removed when not needed as much as possible and beyond that, maintaining proper database and ePO server disaster recovery backup data is highly advised.

View solution in original post

1 Reply
cross
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: XML retention time in database

Jump to solution

MDE recovery is designed to be retained, for the most part, indefinitely.  The exceptions to this would be if the database is lost\destroyed\corrupted (should be very rare), if someone were to choose the option to destroy the recovery information from within the ePO server UI, or if someone manually altered the database to remove it (very much unsupported).  Of course, having database backups can help prevent unintended consequences from those situations.   As a side note, there are legitimate reasons to use the option to destroy recovery information for a system but those should be fairly rare in most cases and I highly advise that you be absolutely certain that they system will never need recovery before that is ever considered.

The recovery data is associated in two ways.  One is to the machine object in the system tree, the other is to the keycheck value.  When you delete an object from the system tree, the association of that key data to that object is lost since the object no longer exists but the association to the keycheck value is retained.  In a recovery scenario, as long as you are able to obtain the keycheck value from the disk to be recovered, and assuming that none of the exception situations noted above occurred, you should still be able to obtain the recovery data.  

One thing to note though, if a system is in need of recovery, depending upon what the issue is and what caused that issue, it is possible that the cause of the issue could hinder or totally prevent the availability of the keycheck value.  In such a case, you would still technically have the recovery data but it would be a "guessing game" as to which data applied to that system and in most cases, not feasible for recovery.   As such, it is advisable to ensure that systems are only removed when not needed as much as possible and beyond that, maintaining proper database and ePO server disaster recovery backup data is highly advised.

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community