2 Replies Latest reply on Sep 11, 2012 5:47 AM by cisadmin

    Encryption Users removed after moving systems in System Tree

    bdoyle

      Hi All,

       

      We are having an issue where after successfully adding an encryption  user to a system, and completing the encryption, the user is removed from the EEPC after moving the system to a different group in the ePO System Tree. We are using EEPC 6.1.2.314. We have a seperat group we move systems to when we are encrypting them. After installing the software, we add the users to the machine. This works fine, and the encryption process then starts. The system and pre-boot authentication will work fine untill the system is moved back to the correct group withing the ePO system tree. When the user next trys to log on, it says "unknown user" and when we check under Encryption users -> Show users, there are no longer any users listed for the system.

       

      Any assistance with this issue would be greatly appreciated, as we have a lot of systems encrypted, and need to resolve this ASAP.

       

      thanks,

       

      Brian

        • 1. Re: Encryption Users removed after moving systems in System Tree

          Hi Brian,

           

          Thanks for posting your question this is actually behaving as designed you would need to assign the user when it is in its final group within the EPO system tree.

           

          Kind Regards

           

          Richard

          • 2. Re: Encryption Users removed after moving systems in System Tree
            cisadmin

            Hi Richard,

             

            Is this related to specific ePO and EEPC versions?

             

            We have tested with ePO 4.6.2 and EEPC 6.2 moving a system all around the system tree, waking the agent, running the EE LDAP Sync etc.

             

            The user we have assigned originally remains assigned no matter where we put it.

             

            This is our experience since begining to use EEPC from the very outset. Below is an image of a basic test we ran. We pulled the system out of the main LAPTOP group it was in and placed it in all of these groups waking it up and syncing as we went for thoroughness. The user stayed with the system.

             

            ScreenHunter_01 Sep. 11 11.13.jpg

             

            The policy applied has Add Local Domain Users DISABLED so the user is not being re-added.

             

            It is our undertsanding that when you assign a user to a system they are tied to that system. This is the only way EEPC could actually work correctly without adding all users to Group Users.

             

            For example, best practice for upgrading EEPC is to create a group for the agent install and reboot. Seperately create a second group for the EEPC client, install and reboot. Going by your logic when I do this my user will be removed and when I place it back in to the normal population I have to reassign the user again?

             

            Can you run a test similar to the one run here and let us know your result? Also if you let us know how your test ePO and EEPC is configured we can try and get to the bottom of this.

             

            Regards,

             

            Caveo Systems Technical Support