cancel
Showing results for 
Search instead for 
Did you mean: 

EEPC v6.0.2 encryption system migration

Jump to solution

Hi All,

I am looking for some input on migrating encrypted EEPC v6.0.2 systems from a ePO v4.5 server to a v4.6 ePO server. My initial plan was to set EEPC to be unencrypted and inactive then push a new agent via SCCM, then once the new system shows up in the new v4.6 ePO server set the policy to active and re-encrypt.

Is this method safe? Is there a better or easier way that I should handle this? My current ePO server is at v4.5 with the latest patch and EEPC hotfix. Also if it makes things easier I wouldn't be against going to EEPC v6.2 before migrating to a new server.

Thanks

Mark

1 Solution

Accepted Solutions
whgibbo
Level 12
Report Inappropriate Content
Message 2 of 5

Re: EEPC v6.0.2 encryption system migration

Jump to solution

Hi Mark,

I am looking for some input on migrating encrypted EEPC v6.0.2 systems from a ePO v4.5 server to a v4.6 ePO server. My initial plan was to set EEPC to be unencrypted and inactive then push a new agent via SCCM, then once the new system shows up in the new v4.6 ePO server set the policy to active and re-encrypt.

This will work, but of course it means decrypting all the machines..  Also means that the users token data will be lost as well..

6.0.2 did support transferring the machines (whilst encrypted) from one ePO server to another,  you would have to ensure that the policies on new ePO server match those on the old ePO server.  There were a couple of cases where the machine keys weren't sent up from, but these were addressed in EEPC 6.1.

 

Also transferring machines from one ePO server to another, does not transfer any user data.  Although in theory if the same users were assigned to the ePO branches and systems it may sent it up from the client, you would need to test this..

If you can I would upgrade to EEPC 6.1, then upgrade to ePO 4.6.  This would save having to transfer any systems and keep the machines encrypted and all the user data intact.

Hope that helps

4 Replies
whgibbo
Level 12
Report Inappropriate Content
Message 2 of 5

Re: EEPC v6.0.2 encryption system migration

Jump to solution

Hi Mark,

I am looking for some input on migrating encrypted EEPC v6.0.2 systems from a ePO v4.5 server to a v4.6 ePO server. My initial plan was to set EEPC to be unencrypted and inactive then push a new agent via SCCM, then once the new system shows up in the new v4.6 ePO server set the policy to active and re-encrypt.

This will work, but of course it means decrypting all the machines..  Also means that the users token data will be lost as well..

6.0.2 did support transferring the machines (whilst encrypted) from one ePO server to another,  you would have to ensure that the policies on new ePO server match those on the old ePO server.  There were a couple of cases where the machine keys weren't sent up from, but these were addressed in EEPC 6.1.

 

Also transferring machines from one ePO server to another, does not transfer any user data.  Although in theory if the same users were assigned to the ePO branches and systems it may sent it up from the client, you would need to test this..

If you can I would upgrade to EEPC 6.1, then upgrade to ePO 4.6.  This would save having to transfer any systems and keep the machines encrypted and all the user data intact.

Hope that helps

Re: EEPC v6.0.2 encryption system migration

Jump to solution

Thanks for the explanation - that is very helpful - I will note that I use EEPC for encrypted drives and not PBA so really my concerns are that once i migrate the systems they will report to the new ePO that they are encrypted and I will be able to recover them using the code of the day and the eetech disc.

In my current setup can you confirm if I need to upgrade to EEPC v6.1 before migrating them to ePO 4.6?

Also some things to also note - i didn't intend on upgrading my current ePO server, once all systems are migrated to the new server the old will be decommissioned so I had intended to do as little work as possible to the old server and focus my attention on the new environment.

thanks again for the input.

Mark

Highlighted
whgibbo
Level 12
Report Inappropriate Content
Message 4 of 5

Re: EEPC v6.0.2 encryption system migration

Jump to solution

Hi Mark

mark.tizzard wrote:

Thanks for the explanation - that is very helpful - I will note that I use EEPC for encrypted drives and not PBA so really my concerns are that once i migrate the systems they will report to the new ePO that they are encrypted and I will be able to recover them using the code of the day and the eetech disc.

Ok, so you have autoboot enabled..  The keypoint, is ensuring that the ePO Policies match on both servers, providing this is done you should have a problem.  Another point to take into account is that the clients will have to perform at least one asci from the new server for the keys to be transferred.  During that time, you will be able to do a administrator recovery from the old server.  Once it has performed the policy enforcement on the new server, then yes you will be able to use eetech.

In my current setup can you confirm if I need to upgrade to EEPC v6.1 before migrating them to ePO 4.6?

No you don't need to upgrade your ePO server to 4.6.  But EEPC does have a requirement of ePO 4.5 Patch 4 Hotfix 1.

Hope this helps..

Re: EEPC v6.0.2 encryption system migration

Jump to solution

thanks again for the explanation - I have ePO v4.5 P4 HF 1 installed as I was required to do this per McAfee T3 support for the issue I had in the past with EEPC\ePO.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community