1 Reply Latest reply on Feb 13, 2015 9:50 AM by jhall2

    Recovery/status information after inactive agent cleanup

    robsara

      We are in the process of implementing Endpoint Encryption and have some questions around how certain (recovery keys, encryption status, etc.) particularly when inactive agent cleanup is in place.

       

      We currently clean up inactive agents after 30 days. After that time, is there any information still retained about those systems? For instance, if a user has been offline (let’s say an extended medical leave), would we be able to 1) perform a recovery if the user forgot their password, and/or 2) confirm the machine was encrypted if the device was lost?

       

      Additionally, does anyone know where that key information is stored? I would think it would be stored in the database, but I don’t seem to see any tables that would have that information?

       

      Thanks

        • 1. Re: Recovery/status information after inactive agent cleanup
          jhall2

          The recovery information will be retained but will require using the disk keycheck to export it. This will require booting the system with DETech, retrieving the disk keycheck, exporting the recovery information, and emergency booting or decrypting the system. The encrypted machine and recovery key are stored in the ePO Database in a key table. They are retained after the machine is deleted but are not associated with any system properties, only the system's ePO Leaf Node ID (which is deleted) and disk keycheck.

           

          When the machine is purged, the ePO Leaf Node ID and all information associated with it is deleted. This includes tags, policies assigned to a single system, and Drive Encryption users. Audit information found under Menu | User Management | Audit Log is retained. The audit log shows when a system is encrypted and decrypted but does not specifically show the last state of the machine. For this, the properties attached to the ePO Leaf Node ID would be required, which are lost upon deletion.

           

          I recommend editing the query for the task and exempting systems with encryption using the filter tab. A second task can be created for systems with encryption that will delete after a longer period of time.