I'm getting ready to deploy MDE 7.1 in our environment. As part of the preparations I have built a test / dev ePO server. This will allow me to easily transfer managed production systems (my team's laptops) from the production ePO server to the DEV ePO server for testing of MDE 7.1.
Based on what I've read, this seems like a bit of a one-way street because I can't transfer a system back to my production ePO server without issues once it's been encrypted. Is there a way around this? I ask because the product help & documentation very clearly warns against transferring encrypted systems because they will become disassociated from their machine key.
Granted, this *is* a bit of a corner case but it would be pretty nice if I didn't have to decrypt a system, transfer it to the production ePO server and then re-encrypt it there.
You can move machines between EPO servers easily - they will repopulate their keys etc. What you will lose though is users - you can't move those between EPO servers at this time.
We have a Dev server here and we do transfer systems back and forth. We populate the same users from our AD in both EPO servers, however, if a system was encrypted on one server, then moves to another, a user has to enter the default password as the system sees them as a first time user.
As a rule of thumb, we try not to move real user systems too much, rather, we mostly are using test systems on the dev server, but, we do have a few users (IT Volunteers) permanently assigned to the dev server, so we can test patches and software as realistically as possible.
Oh, and we have the MDE (EEPC) policy set to sync with the AD password.
Message was edited by: awbattelle on 5/8/14 12:17:30 PM CDT
Once each epo server has the users, they won't need to enter the default password anymore, but remember they are not the same users - each epo server is going to be maintaining a separate entry.