sure? I'm not sure what interim step you would suggest?
There is official McAfee document related to 4.2 to 5.2.x migration. I do not see a reason why that would not work properly.
"Endpoint Encryption Update and Migration Guide.pdf"
I have tried the following ;
Upgrade EEM 5.1.9 to EEM 5.2.1
Plugged in the database which has SafeBoot 4.2 objects
Able to lgin in to manage with 4.2 credential & also able to find the objects
Created 5.2.1 install set & installed it on 4.2 machine
After rebooting first boot synch was sucess, the client was upgraded from 4.2 to 5.2.1. The user group was imported & files were upgraded.
After rebooting able to login EEPC 5.2.1 client with Old credential.
Case 2 :
Change the file group one of the SafeBoot 4.2 machine to 5.2.1 file set.
Synchronised from the client, new file set was downloaded & the existing file set was upgraded to 5.2.1
After reboot system tray icon chaged & synch was successful
Login to EEPC 5.2.1 clietn was possible.
In both the above mention cases password & machine recovery using challenge response code worked.
Whatever changes that were done either on machine or user object in the console reflected after synch.
What I would like to know is if this can be implemented on live databse which has more that 10k machines running on 4.2 version & does McAfee support this.
You should not run install set created with 5.x client on machine with 4.2 client running.
Just perform file-set change (from 4.2 to 5.x) and let client upgrate itself on synch.
New 5.x install-set should be deployed to clients, which have no encryption product installed.
thanks lot & noted all your points..