Moved to ePO Web API
Looking at the commands in my ePO server (using MDE 7.1.3), I don't see the option. Here are the commands I do see (https://eposerver:8443/remote/core.help):
eeadmin.administratorRecovery challengeCode recoveryType [userId] - Drive Encryption Administrator Recovery
eeadmin.assignUser systemNode nodeId dn [recursive] [ldapServerName] - Drive Encryption user/group assignment
eeadmin.changeUserPassword userDn newPassword [oldPassword] - Drive Encryption change user's password
eeadmin.clearSSO userDn osType - Drive Encryption clear user SSO details.
eeadmin.deassignUser dn dnType [systemNode] [nodeId] [ldapServerId] - Drive Encryption user/group de-assignment
eeadmin.enableSystemTransfer [enable] [maxUsers] [searchOrder] - Drive Encryption system transfer.
eeadmin.exportMachineKey [machineId] [keyCheck] [oldKeys] - Drive Encryption export machine key
eeadmin.listRegisteredServers [serverType] - Obtain a list of registered servers
eeadmin.removeAllDuplicatesOfSelectedUser userId [ldapServerId] - Remove allduplicates of the selected user(s)
eeadmin.resetSelfRecovery userDn - Drive Encryption reset users self-recovery token.
This tool might get you close: Endpoint Encryption Bulk Key Export Utility (EE Key Dump, EEExport)
We will be talking about the Web-API at FOCUS 2015, Session 89: Advanced McAfee ePO Techniques: Making ePO Work for You!
How can I enable the option "enableSystemTransfer"?
I'm using McAfee Web Api (ePO Web API Explorer) but I don't know the correct syntax; for example "enableSystemTransfer.Enabled='1'" or similar.
While the Web API explorer is an extremely useful tool, the Web API explorer has a limitation in that it does not look at your ePO, but merely has a static list of commands built into it. Since it is a community-built tool (not an officially developed tool), it would be up to the person who made it to update it or have it dynamically pull the available commands which would be quite a bit of time by that person, but it doesn't hurt to ask.
This option (enableSystemTransfer) was introduced in MDE 7.1.3 to my knowledge. This document has the details on usage: McAfee KnowledgeBase - Drive Encryption 7.1 Patch 3 Client Transfer between ePO Servers Guide.
In order to see the commands in your ePO, run (https://eposerver:8443/remote/core.help):
I spent a while reading every document I could get my hands on before I finally figured this out. NONE of the McAfee documentation contains the correct syntax, you have to guess it yourself unfortunately.
The syntax to enable system transfer is: https://server-name:8443/remote/eeadmin.enableSystemTransfer?enable=true
I use curl for Windows, so the full syntax on a Windows PC is: curl -k -u userID:Password https://server-name:8443/remote/eeadmin.enableSystemTransfer?enable=true
Change userID and Password to your ePO admin credentials. This also accepts domain credentials in the format DOMAIN\userID, if you have a domain controller configured for authentication in the ePO, and a permission set configured against a security group that you're a member of.
- as mentioned above you will not find this full syntax in any of the McAfee documentation. Trust me, I've read it all. I even asked a tech support person to update the doco with a working example, but they said no.
- command is case-sensitive. For example, using https://server-name:8443/remote/eeadmin.enablesystemtransfer?enable=true simply won't work. Pay close attention to the capitalisation.
- this command has to be run on the destination ePO server
- system transfer only works with Drive Encryption version 7.1.3 and above. DE 7.1.3 and above has a minimum requirement for a particular version of ePO. I think it is 5.1, but check this before you do anything.
- I take no responsibility for anything that anyone does with this command. Do your research and always test in a small virtual test lab. You have been warned.
Regarding the original question of this post:
A bit overdue maybe but this can be done by passing a custom query to the web API:
This query will return all user names that are assigned to the system named "dph-pc1"
https://ePO_Server:<port number>/remote/core.executeQuery?target=EPESystemUsers&select=(select EPOLeafNode.NodeName EPESystemUsers.DisplayName)&where=(where (contains EPOLeafNode.NodeName "dph-pc1"))
The output will be:
System Name: dph-pc1
User Name (DE): dph
System Name: dph-pc1
User Name (DE): other-user
This query can also be extended to display:
- DN of users assigned.
- Is machine or system tree assigned.
- Group names and DN assigned to this machine.
Hope this helps.
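The core.executeQuery URL in the post above contains spaces, parentheses and double quotes, so a script has to percent-encode it, and a system name taken from user input should be checked before it is placed inside the quoted where clause. The Python below is an added example, not part of the original post and not McAfee's code; the helper names `build_query_url` and `parse_records`, the hostname pattern, and the use of port 8443 (taken from the other URLs in this thread) are assumptions.

```python
import re
from urllib.parse import urlencode, quote

# Assumed allow-list for system names: letters, digits, dot, underscore, hyphen.
_HOSTNAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,62}")

def build_query_url(server, port, system_name):
    """Return the percent-encoded core.executeQuery URL for one system."""
    # Reject anything that could break out of the quoted string in the
    # where clause (double quotes, parentheses, whitespace).
    if not _HOSTNAME.fullmatch(system_name):
        raise ValueError(f"unexpected characters in system name: {system_name!r}")
    params = {
        "target": "EPESystemUsers",
        "select": "(select EPOLeafNode.NodeName EPESystemUsers.DisplayName)",
        "where": f'(where (contains EPOLeafNode.NodeName "{system_name}"))',
    }
    # quote_via=quote encodes spaces as %20 rather than '+'.
    query = urlencode(params, quote_via=quote)
    return f"https://{server}:{port}/remote/core.executeQuery?{query}"

def parse_records(text):
    """Group 'Label: value' lines into one dict per result row."""
    records, current = [], {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or not value:      # blank lines or lines with no value
            continue
        if key in current:            # a repeated label starts the next row
            records.append(current)
            current = {}
        current[key] = value
    if current:
        records.append(current)
    return records

# Constructed sample, copied from the output format shown in the post.
SAMPLE = """System Name: dph-pc1
User Name (DE): dph
System Name: dph-pc1
User Name (DE): other-user
"""

if __name__ == "__main__":
    print(build_query_url("ePO_Server", 8443, "dph-pc1"))
    for row in parse_records(SAMPLE):
        print(row)
```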