The re-use machine key option is specifically designed for systems that have two (or more) partitions: one for the operating system, and one (or more) for data.
The classic case is a C: drive for the OS and a D: drive for the data. If you only re-image the C: drive, then all the data on your D: drive is still encrypted. If you then activated EEPC on the new C: drive, it would be using a new key and you wouldn't be able to read the data off the D: drive. The re-use machine key feature solves this problem. It causes our agent on the C: drive to identify the key in use by the D: drive and then "re-use" that key on the new C: drive.
Here's how to use the feature:
- Make sure the key re-use feature is enabled by going into ePO > Configuration > Server Settings > Endpoint Encryption
- Before you re-image a system, find it in the ePO system tree and select it by checking the box
- Go to Actions > Endpoint Encryption > Key Re-use to enable key re-use for that one system
- Wake up the agent and verify that it has received the policy before starting the re-image process
Note: This cannot be automated. It has to be done manually for each system. You will need to instruct your technicians to do this as part of the re-image process.
Thanks so much DLarson!
Hi DLarson, I have problems. When I enable this function I must add volumes (see attachment). I don't understand what adding volumes to "Volumes to keep encrypted" means. Can you explain these options to me? The product guide has no information on this. Thanks!
Looking at the screenshot that you have attached, it looks like you are running EEPC 6.0.2.x. In this version you will need to add the volumes that you want to remain encrypted.
This was changed in EEPC 6.1.x, in that you no longer need to do this. It is a lot simpler.
Hope this helps.