5 Replies Latest reply on Oct 5, 2009 8:07 AM by mjpottratz

    Machine deleted ?

      Hello I got a big problem with a machine. The machine is not in the Endpoint Manager (maybe deleted) and not in the recycle bin anymore.
      But EEPC is still running on this machine. I guess someone deletet it permanently from the manager. The Client can not sync anymore because he doesnt find the Object in the EE Manager. The Client's Hard Disk is fully encrypted (with AES256 i think). Can EEPC be removed from the machine and reinstalled so that a new Machine Object is created in the Endpoint Manager ?
        • 1. RE: Machine deleted ?
          why don't you just restore it from a database backup?

          The only way to remove EEPC if there's no object is with WinTech/SafeTech.
          • 2. RE: Machine deleted ?
            This is a test environment so there are no backups. But i got it recovered using SafeTech and the "Remove EEPC" Option. Thanks !
            • 3. without
              Out of curiosity, (not a current situation in my environment thankfully) what would happen to remove EEPC if you could not authenticate via SBFS? You would not have the SDB File because it would be gone from the database so.....would you be out of luck?
              • 4. RE: without
                yes - this is after all a security product.

                Without being able to auth locally, and without the keys backed up in EEM (or a backup of your database), you'll be in the same position as a thief.
                • 5. Machine deleted ?
                  In case anyone was wondering I had a situation where I NEEDED to find out who or why a machine was deleted from the DB. You can use the SBADMCL tool to track it down.

                  Because the deletion even is in the User Audit Log you can use this process to find it:

                  Basically you run the SBADMCL tool to dump User Audits with the eventid=0x01000085 to a text file, then you can Find in the file the Machine Name that was deleted.

                  Here is the command:

                  sbadmcl -command:dumpuseraudit -group:"*" -file:c:\testdump.txt -clear:false -eventid:0x01000085 -adminuser:***** -adminpwd:*****

                  It was very helpful for me because I have scheduled events to remove old machine accounts from the DB, and on top of that I have 37 admins in the console that HAVE to have the ability to delete machines as we have offices all over the world.