3 Replies Latest reply on Aug 31, 2010 2:05 PM by ozmaan

    decrypt machine using sbadmcl.exe

      The title says it all...is there an sbadmcl.exe command that will decrypt a machine's drive?  Trying to set up a migration script, and want to be able to allow customers to potentially run some sort of script to decrypt the main hard drive 24-hours prior to migration.  Anybody done anything like this?

        • 1. Re: decrypt machine using sbadmcl.exe

          yup. SetEncryption should do it - just set a drive that does not exist and it should decrypt the rest.


          BUT, are you sure you want to decrypt the drive - perhaps what you really want is to remove EEPC (encryption plus boot code) - that's a different question/matter though. To do that you'll need to move the machine into a group with the activation state set to "disable", and then do a SetGroupConfig

          • 2. Re: decrypt machine using sbadmcl.exe

            Are you sure that you want to leave it in customer's hands (decrypt drive)? How will you control that they remove encryption only where is needed?

            You can run scripted (scheduled) operations on database machine objects or use EEM to perform that manually.

            • 3. Re: decrypt machine using sbadmcl.exe

              We aren't leaving it in the hands of the user.  A task will be deployed via SCCM that does a basic health check of the user's system to determine the probability of success for an inplace windows XP to 7 migration--drive space, chkdsk, data set size, hard drive fitness test, status of internet backup.  The only piece we hadn't worked out was decrypting for data migration.  We will decrypt the drive and set a timer in the registry. If the user has not run the Win7 migration task within 48 hours, the machine will be reencrypted.