cancel
Showing results for 
Search instead for 
Did you mean: 
verysign
Level 7

Question about EPO backups regarding encryption

Jump to solution

What would happen if your EPO server died, and you had to roll back to an earlier backup of say 1 week. what would happen to all the machines / USB keys that had been encrypted during that time?

Also are there any extra precautions that need to be taken when backing / restoring an  EPO server?

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: Question about EPO backups regarding encryption

Jump to solution

The machines that have been encrypted in that time would upload their keys upon connecting to the ePO server. User passwords and attributes are tracked with timestamps and password changes and the like will be uploaded to ePO also. Users may be removed from these systems as ALDU only runs upon the start of the Drive Encryption service. Because the users will not be removed until the key has been uploaded to ePO successfully, there is always the ability to perform a machine recovery if the users are removed.

The typical use case for FRP Removable Media is to use a recovery key either a standard key or a User Personal Key. These are cached locally but will not be uploaded to ePO. Drives that were initialized during that time will need to reinitialized if the keys no longer exist in ePO.

It is recommended that incremental backups are taken daily and full backups are taken once or twice a week. Because this is MSSQL, standard backup practices of the DB can be used. As with any backups, it is recommended that be checked from time to time to ensure that the backup process is successful. Specific directories of the ePO server will also need to be backed up.

For specific information about backup and recovery of the ePO server can be found in KB66616

0 Kudos
2 Replies
McAfee Employee

Re: Question about EPO backups regarding encryption

Jump to solution

The machines that have been encrypted in that time would upload their keys upon connecting to the ePO server. User passwords and attributes are tracked with timestamps and password changes and the like will be uploaded to ePO also. Users may be removed from these systems as ALDU only runs upon the start of the Drive Encryption service. Because the users will not be removed until the key has been uploaded to ePO successfully, there is always the ability to perform a machine recovery if the users are removed.

The typical use case for FRP Removable Media is to use a recovery key either a standard key or a User Personal Key. These are cached locally but will not be uploaded to ePO. Drives that were initialized during that time will need to reinitialized if the keys no longer exist in ePO.

It is recommended that incremental backups are taken daily and full backups are taken once or twice a week. Because this is MSSQL, standard backup practices of the DB can be used. As with any backups, it is recommended that be checked from time to time to ensure that the backup process is successful. Specific directories of the ePO server will also need to be backed up.

For specific information about backup and recovery of the ePO server can be found in KB66616

0 Kudos
verysign
Level 7

Re: Question about EPO backups regarding encryption

Jump to solution

thank you for such a detailed answer!

0 Kudos