cancel
Showing results for 
Search instead for 
Did you mean: 
mvm_101
Level 9

MDE 7.1 - transferring systems between ePO servers - Keys?

Hi everyone,

I'm getting ready to deploy MDE 7.1 in our environment. As part of the preparations I have built a test / dev ePO server. This will allow me to easily transfer managed production systems (my teams laptops) from the production ePO server to the DEV ePO server for testing of MDE 7.1.

Based on what I've read, this seems like a bit of a one-way street because I can't transfer a system back to my production ePO server wihtout issues once it's been encrypted. Is there a way around this? -I ask because the product help & documentation very clearly warns against transferring encrypted systems because they will become dis-associated form their machine key.

Granted, this *is* a bit of a corner case but it would be pretty nice if I didn't have to decrypt a system, transfer it to the production ePO server and then re-encrypt it there.

Thanks

0 Kudos
5 Replies
SafeBoot
Level 21

Re: MDE 7.1 - transferring systems between ePO servers - Keys?

You can move machines between EPO servers easily - they will repopulate their keys etc. What you will loose though is users - you can't move those between EPO servers at this time.

0 Kudos
mvm_101
Level 9

Re: MDE 7.1 - transferring systems between ePO servers - Keys?

I suppose if both servers synch the same AD users and groups then maybe it would re-synch the users after a transfer?

0 Kudos
SafeBoot
Level 21

Re: MDE 7.1 - transferring systems between ePO servers - Keys?

If you set up the same user mappings, yes, but they will be new users, ie new passwords etc.

0 Kudos
awbattelle
Level 11

Re: MDE 7.1 - transferring systems between ePO servers - Keys?

We have a Dev server here and we do transfer systems back and forth. We populate the same users from our AD in both EPO servers, however, if a system was encrypted on one server, then moves to another, a user has to enter the default password as the system sees them as a first time user.

As a rule of thumb, we try not to move real user systems too much, rather, we mostly are using test systems on the dev server, but, we do have a few users (IT Volunteers) permanently assigned to the dev server, so we can test patches and software as realistically as possible.

Oh, and we have the MDE (EEPC) policy set to sync with the AD password.

Message was edited by: awbattelle on 5/8/14 12:17:30 PM CDT
0 Kudos
SafeBoot
Level 21

Re: MDE 7.1 - transferring systems between ePO servers - Keys?

Once each epo server has the users, they won't need to enter the default password anymore, but remember they are not the same users - each epo server is going to be maintaining a separate entry.

0 Kudos