1 of 1 people found this helpful
I can't help with the docking station issue, but if you're on 6.2 then the recovery keys will be persisted indefinitely. However, once the machine has been removed from ePO, you will have to get the keycheck value from the disk (using EETech) and then use the scripting API to query the recovery key from ePO (sample python files are included to show how to do this).
V7 adds the ability to fetch a recovery key by keycheck value to the EEAdmin UI.
sounds like the same problem VPN users have - https://kc.mcafee.com/corporate/index?page=content&id=KB52949&actp=search&viewlo cale=en_US&searchid=1354892562030
You would be best talking to your platinum support person about this, or asking questions at ePolicy Orchestrator (ePO)
Though this is affecting your EEPC rollout, it's actually an EPO/McAfee Agent function.
Thanks for the answer from both of you. The docking station issue does indeed appear to be the same issue as VPN users.
Just so I am clear about the other issue. If a laptop is encrypted and hasn't been seen for 30days and is then deleted from EPO via a scheduled task, I am no longer able to perform an Encryption Recovery from within EPO? I have to manual be at the laptop with a EETech disk to do a recovery?
I did a quick test and deleted a laptop from EPO and then tried a password recovery and this worked. Does it take some time to delete the data?
password recovery is all about users - you didn't delete the user, you deleted a machine
Yes, if you delete the machine from EPO, and it does not re-connect and retrieve its key, you'll find it harder (but not impossible) to recover - you'll need to work out the key check value, export the key using the API etc.
Rather than delete them after 30 days, maybe you should move them to another group, and use a more generous timescale before actually wiping them out to make recovery a little easier?
Yes I think moving them to another group and excluding them from our reports is the best step forward. After all, we are only encrypting 600 laptops anyway.
Thank you for your help and clarification.