Showing results for 
Show  only  | Search instead for 
Did you mean: 
Level 7
Report Inappropriate Content
Message 1 of 7

Can Use Web API to List Encryption Users?

Is there a call on the EPO web API that returns a list of the encryption users for a particular machine?

6 Replies

Re: Can Use Web API to List Encryption Users?

Moved to ePO Web API




Level 9
Report Inappropriate Content
Message 3 of 7

Re: Can Use Web API to List Encryption Users?

Looking at the commands in my ePO server (using MDE 7.1.3), I don't see the option.  Here are the commands I do see (https://eposerver:8443/remote/

eeadmin.administratorRecovery challengeCode recoveryType [userId] - Drive Encryption Administrator Recovery

eeadmin.assignUser systemNode nodeId dn [recursive] [ldapServerName] - Drive Encryption user/group assignment

eeadmin.changeUserPassword userDn newPassword [oldPassword] - Drive Encryption change user's password

eeadmin.clearSSO userDn osType - Drive Encryption clear user SSO details.

eeadmin.deassignUser dn dnType [systemNode] [nodeId] [ldapServerId] - Drive Encryption user/group de-assignment

eeadmin.enableSystemTransfer [enable] [maxUsers] [searchOrder] - Drive Encryption system transfer.

eeadmin.exportMachineKey [machineId] [keyCheck] [oldKeys] - Drive Encryption export machine key

eeadmin.listRegisteredServers [serverType] - Obtain a list of registered servers

eeadmin.removeAllDuplicatesOfSelectedUser userId [ldapServerId] - Remove allduplicates of the selected user(s)

eeadmin.resetSelfRecovery userDn - Drive Encryption reset users self-recovery token.

This tool might get get you close: 

We will be talking about the Web-API at FOCUS 2015, Session 89: Advanced McAfee ePO Techniques: Making ePO Work for You!

Re: Can Use Web API to List Encryption Users?

How can enabled the option "enableSystemTransfer"?

I'm using McAfee Web Api () but I don't know the correct syntaxis; for example "enableSystemTransfer.Enabled='1' or similar.



Level 9
Report Inappropriate Content
Message 5 of 7

Re: Can Use Web API to List Encryption Users?

While the Web API explorer is an extremely useful tool, the Web API explorer has a limitation in that it does not look at your ePO, but merely has a static list of commands built into it.  Since it is a community-built tool (not an officially developed tool), it would be up to the person who made it to update it or have it dynamically pull the available commands which would be quite a bit of time by that person, but it doesn't hurt to ask.

This option (enableSystemTransfer) was introduced in MDE 7.1.3 to my knowledge.  This document has the details on usage:  McAfee KnowledgeBase - Drive Encryption 7.1 Patch 3 Client Transfer between ePO Servers Guide.


In order to see the commands in your ePO, run (https://eposerver:8443/remote/

In order to see the options for those commands, use https://eposerver:8443/remote/<Command> (ex. https://eposerver:8443/remote/


Level 7
Report Inappropriate Content
Message 6 of 7

Re: Can Use Web API to List Encryption Users?


I spent a while reading every document I could get my hands on before I finally figured this out. NONE of the McAfee documentation contains the correct syntax, you have to guess it yourself unfortunately.

The syntax to enable system transfer is: https://server-name:8443/remote/eeadmin.enableSystemTransfer?enable=true

I use curl for windows, so the full syntax on a windows PC is: curl –k –u userID:Password https://server-name:8443/remote/eeadmin.enableSystemTransfer?enable=true

Change userID and Password to your ePO admin credentials. This also accepts domain credentials in the format DOMAIN\userID, if you have a domain controller configured for authentication in the ePO, and a permission set configured against a security group that you're a member of.


- as mentioned above you will not find this full syntax in any of the McAfee documentation. Trust me, I've read it all. I even asked a tech support person to update the doco with a working example, but they said no.

- command is case-sensitive. For example, using https://server-name:8443/remote/eeadmin.enablesystemtransfer?enable=true simply won't work. Pay close attention to the capitilisation.

- this command has to be run on the destination ePO server

- system transfer only works with Drive Encryption version 7.1.3 and above. DE 7.1.3 and above has a minimum requirement for a particular version of ePO. I think it is 5.1, but check this before you do anything.

- I take no responsibility for anything that anyone does with this command. Do your research and always test in a small virtual test lab. You have been warned.

Re: Can Use Web API to List Encryption Users?

Regarding the original question of this post:

A bit overdue maybe but this can be done by passing a custom query to the web API:

This query will return all user names that are assigned to the system named "dph-pc1"

https://ePO_Server:<port number>/remote/core.executeQuery?target=EPESystemUsers&select=(select EPOLeafNode.NodeName EPESystemUsers.DisplayName)&where=(where (contains EPOLeafNode.NodeName "dph-pc1"))

The output will be:


System Name: dph-pc1

User Name (DE): dph

System Name: dph-pc1

User Name (DE): other-user

This query can also be extended to display:

  • DN of users assigned.
  • Is machine or system tree assigned.
  • Group names and DN assigned to this machine.

Hope this helps.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community