
Will the encryption recovery keys & user assigned to an encrypted machine be removed if the machine is deleted from the ePO

Will the encryption recovery keys & user assigned to an encrypted machine be removed if the machine is deleted from the ePO?

When the McAfee agent tries to reconnect to the ePO server, will the ePO server create a new encryption recovery key for this machine?

5 Replies

Re: Will the encryption recovery keys & user assigned to an encrypted machine be removed if the machine is deleted from the ePO

I believe YES


Re: Will the encryption recovery keys & user assigned to an encrypted machine be removed if the machine is deleted from the ePO

Yes, they will be deleted. In my McAfee Encryption training class, we were told to be careful and not to delete encrypted systems from ePO due to these keys. In my ePO, I tag systems that are encrypted; that way I don't delete one by mistake.


Re: Will the encryption recovery keys & user assigned to an encrypted machine be removed if the machine is deleted from the ePO

The keys don't get deleted, but any machine-specific policy (like the assigned users) will be.

MA will reconnect the machine and recreate it at some point - but the user list will come from the tree, not any specific assignments. ALDU might fix that for you though.

Re: Will the encryption recovery keys & user assigned to an encrypted machine be removed if the machine is deleted from the ePO

Here is a scenario:

1.  We have a task running on the ePO server that automatically deletes/purges machines that have not communicated in 180 days.

2.  A few months later, a user brings in a laptop that is encrypted, that they are no longer able to log in to.  Will we be able to do a recovery on that machine?  Or, if need be, manually decrypt it?  Will we be able to access the keys somehow?

Thanks.


Re: Will the encryption recovery keys & user assigned to an encrypted machine be removed if the machine is deleted from the ePO

Yes, you will still be able to recover/decrypt, but it won't be as simple as it would be if you left the machine in the tree. User recovery, as far as I remember, is not machine-based, so it shouldn't matter at all.

You'll have a big problem though if you delete the machine and the user breaks the encryption software - then it gets hard to find the right key to use (since the machine can't tell you anymore).

For your own sanity, you might want to think about a policy where any machine over 180 days old which has not checked into ePO is considered "lost" and the only option (if found) is a user password reset, or rebuild.

McAfee KnowledgeBase - How to obtain the Key Check Value requested by the Re-associate key option
