Thank you for your question. This comes up by customers and students alike in my classroom. Everyone's business needs a process for the proper removal of assets (your systems). This means that removing ANY system from your ePolicy Orchestrator systems tree needs careful consideration. If you are running a server task that removes systems automatically (30,60,90 or greater days) you then need to determine what you have installed for products. You then determine data retention for your company (business). If you don't know, you don't delete, period! Instead of removing, you can tag them as (over 30,90 etc). Now if any C level wants to have a conversation with you regarding an asset that has been stolen, vandalized or victimized in some way you can have a conversation on what you last knew. If you had drive encryption on the asset that is missing, you can have a conversation regarding what you last knew and potentially satisfy safe harbor regulations. Unless you are Tennessee: No Safe Harbor: Tennessee eliminates encryption safe harbor
Where was I, oh yes if you have DLPE you have other things to consider. Keep what you have in ePO and ONLY decommission when you can stand by the asset removal and\or process. I have seen way to many administrators remove a device and then be unable to have a discussion with a high level executive. Especially in light that you are supposed to be managing these devices. And as for the asset coming back if someone turns it on? It isn't coming back if it's stolen! And all McAfee Agents work all the time too, right?
So there is my three cents. This experience was gathered since ePO beta back in the late 90's and many millions of systems manhandled by administrators false notion that things will occur when they absolutely might not.
Thank you very much for your insight, I will consider your advise, your absolutely right on having a proper process for removal of assets. I will just stick to the current setup and wait until we have a solid agreement on how the assets will be remove.
to answer your question though, yes it can be easily done. start with a query and locate those systems. then create a server task that will remove resulting systems.
step 1. query to locate systems that meet your non-communication requirement
step 2. use the subaction to delete OR move to a specific folder.