I am looking for guidance or instructions on how to best move an already encrypted device from one EPO 4.5 Server to another EPO 4.5, or if this is even possible. Both servers will have the user accounts synced but there is probably something that needs to be done with the encryption keys.
Any help would be greatly appreciated. The are not trusted EPO servers nor do they see each other as a agent handler. We are moving towards that but not there yet.
its not possible at the moment to move a machine to another EPO instance. You'll need to decrypt it, then start again.
Thanks for the response. Is this something in 4.6 EPO or 6.1 EEPC that will be available? If so, what are the requirements? Must be configured as trusted agent handlers?
This was actually possible with ePO 4.5 and and 6.0.2. When transferring the system via ePO or doing a force install of the McAfee Agent onto the client it would then take the policies and users from the new ePO server.
But please note, that no user data is transferred between ePO servers. Also to ensure that the machines remain encrypted you would need to ensure that the encryption settings in the product policies match.
Hope this helps
Just following up on this one. Would forcing the agent install from the new server eventually lead to the ability of the new server to issue challenge/response and to export recovery files?
In my testing this did not work.
Yes it would, but it will only work once the agent has performed
A policy enforcement. At this point the EEAGENT will then send
2 data channel messages via the McAfee agent (which you should
See in the status monitor dialog).
Which this is done you will be able to do a administrator recovery
Providing the policy on the new server supports it.