4 Replies Latest reply on Nov 9, 2016 1:55 AM by davidp64

    Decryption via console 5.1.3


      Hey guys,

      I thought I had a good idea on how to decrypt a machine but its not happening.  Can you explain what step I am missing?


      I have 2 test machines, and I have them encrypted by assigning a client task to the OU that it sits in (system tree).  They encrypted after I added users. Now I want to decrypt them. I see on the client that it is picking up the task but never going.  I wonder if its being overwritten by the other policy that is assigned (encrypt)? Here is what I did:


      1. Click Client Task Catalog
      2. Expand McAfee Agent > Product Deployment
      3. Click Actions > New Task
      4. Choose Product Deployment
      5. Type a name “Decrypt a Machine”
      6. Choose Windows for target platform
      7. Next to products and components, select the McAfee Drive Encryption for Windows
      8. Click [+]
      9. Select McAfee Drive Encryption Agent for Windows
      10. Set each Action to Remove




      1. In the web interface, navigate to SystemTree
      2. Check  the box beside the machine you wish to decrypt
      3. Select
        Actions > Drive Encryption > Export Recovery
      4. Save the .xml file to somewhere safe in case something happens
      5. Navigate back to SystemTree
      6. Check the box beside the machine you wish to decrypt
      7. Click Actions > Agent > ModifyTasksona
      8. Click  Actions > NewClientTaskAssignment
      9. Choose
        McAfeeAgent > ProductDeployment > Decrypt
        aMachine (RemoveWDE)
      10. Click
      11. Change
        Schedule Type: to RunImmediately
      12. Click
      13. Click
      14. On
        the client, open the McAfee Agent Monitor and click Check New Policies.
        • 1. Re: Decryption via console 5.1.3

          Hello Tyler,


          If you want to perform decryption for encrypted machine,than you have to perform below steps:


          System Tree>>Select machine>>Actions>>Modify policies on a single system>>Select Drive encryption in product list>> uncheck Enable policy form Product setting>>General.



          Apply these policy to encrypted machine and wait for few minutes,if you check on client machine status will shows as decryption..


          If above information will help you than correct this answer..



          • 2. Re: Decryption via console 5.1.3

            Thanks! That seems to be simpler than expected.


            I went to system tree and selected the system, and modified policies on the single machine. The two things I can click on to is Edit Assignments and the name of the policy.  If I click the name of the policy and uncheck the enable box, it seems to do it for everyone. Which step am I missing to make it only for this one?

            • 3. Re: Decryption via console 5.1.3

              Hmm I made a new policy called Unencrypt and set Product Settings to not encrypt any drives.  Then I modified Policies on a single system, and broken inheritance to select this policy. Looks like it worked. Decryption has started.  Should be OK right?

              • 4. Re: Decryption via console 5.1.3

                Yes Great,


                You are right,for particular machine need to break inherit.