How to remotely decrypt a Symantec Endpoint Encryption - Full Disk (SEE-FD) client
Last Updated March 23, 2018
Remotely decrypting an SEE-FD client.
Decryption can be done in three ways:
Local Method: If the User was given the ability to decrypt the machine open the Client Console and use the option to decrypt manually
Local Method: When logging into the encrypted machine using the Symantec Endpoint Encryption Client Admin and opening the Client Console the option to decrypt the machine can be done manually.
Remote Method: Create a GPO policy (see steps 1-14 below), and apply it to all the machines which are in the location in the Symantec Endpoint Encryption Manager. The remote decryption policy is used by policy administrators to decrypt all encrypted disk partitions on computers protected by Symantec Endpoint Encryption-Full Disk without having to physically send a client administrator to the location(s) of the computers.
Creating a Remote Decryption Policy. To create a remote decryption policy, perform the following steps:
Right-click Group Policy Objects on the navigation tree.
Click New. The New GPO (Group Policy Object Editor) window displays.
Type the name of the Group Policy Object you wish to create.
Click OK. The new Group Policy Object you created is displayed in the navigation tree.
Right-click the new Group Policy Object on the navigation tree.
Click Edit. The Group Policy Object Editor (GPOE) displays.
Drag and drop to link the policy to the target location containing the computers you wish to decrypt.
Restart the computers receiving this computer policy to cause it to take effect.
Monitor decryption progress using the Client Monitor.
Warning: Although decryption of all disk partitions begins immediately after the remote decryption policy has been processed on the client computer, remote decryption is a computer policy which is only processed at boot time.
Imported Document ID: TECH104209
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe