7 Replies Latest reply on Apr 27, 2010 2:14 PM by GeraldMudd

    Determine who initiated Remove & Reboot for a machine?


      We have a machine that had Endpoint Encryption removed (boot protection set to Remove & reboot) back in January 2010.  The last event in the audit shows a login and check for configuration updates on 1/5/2010.  Is there a way to find out the user who initiated decryption?