Endpoint Encryption

Hello. I have problem right now in my desktop. First I install the agent and drive encryption into my computer even i am not in the domain. The result is my drive is encrypted and when i restart it I cannot boot it to open anymore. What i did is I restore my computer at earlier time. The good thing is I able to boot again my desktop. The problem is I dont see anything in my AGENT and I cannot uninstall my agent and drive client. It says that the drive is still encrypted?

Hi,

I presume you followed serverless installation of SEE 11.0 like in below KB:

http://www.symantec.com/docs/HOWTO101707

Is that right

At this stage I would backup your important data and try to run a

Customize WinPe Recovery tool followed below KB to decrypt the drive

Windows PE Recovery Tools for Symantec Endpoint Encryption 11.0.0
http://www.symantec.com/docs/TECH223783

HTH

... and please be aware that for the Standalone Encryption installation you should NOT use SEE product but Symantec Drive Encryption.

I found this thread searching for a response to a similar question.

I see this kind of response regularly and find it extremely frustrating. You cannot find any reference to Symantec Drive Encryption anywhere on the Symantec site. Any links found on search engines get redirected to the Encryption Family page, and there is no mention whatsoever of any drive encryption product aside from SEE. Please provide a link to this mythical Symantec Drive Encryption so us standalone users can use the proper product.

Hi,

One of the most important link page for the Symantec Endpoint Encryption product documentation is:

http://www.symantec.com/business/support/index?page=content&key=55414&channel=DOCUMENTATION&version=63612&sort=recent

So called Symanted Drive Encryption is a different product comming from PGP family being a part of Symantec Encryption Desktop

Below is the link for the naming convetion used after rebranding:

http://www.symantec.com/docs/TECH197084

Installation guide for the Symantec Drive encryption can be found here for example:

Deploying Symantec Drive Encryption and PGP Whole Disk Encryption Clients
http://www.symantec.com/docs/TECH188618

HTH

This is where the confusion lies, and this is where Symantec falls flat on their face when delivering this product. There used to be a separate end-user-friendly package that could be installed with a simple, straightforward interface where the consumer could easily encrypt/decrypt their drives, set and change boot passwords, etc. Now the only thing remotely close to any decent documentation on standalone use is at http://www.symantec.com/connect/articles/how-set-serverless-standalone-installation-symantec-endpoint-encryption-version-11. Even with this, it's a convoluted mess.

For an end-user, this is ridiculously complex and gives absolutely no feedback on how things are progressing, nor does it allow them to do any meaningful changes. For all intents and purposes, you have abandoned the standalone user. The PGP suite used to be an outstanding line of products. Had I known Symantec had gone this far off the rails, I never would have recommended it to my client.

Actually, Symantec is still developing and licensing people for Symantec Encryption Desktop when they need standalone. If you purchased Symantec Endpoint Encryption, and are deploying it as a standalone solution, your are able to download Symantec Encryption Desktop, which is a standalone user-friendly encryption solution. We do not recommend using SEE for standalone. Simply select the top option for Drive Encryption Standalone (wihout server) when you are at the fileconnect website.

Medadsrc, were you able to decrypt with all of the resources _Adam_ provided?
 

The most important piece of information that you need is, with standalone SEE Deployments you MUST initiate the decrypt from a command prompt.

Please see the commandline interface guide :
Symantec Endpoint Encryption Drive Encryption 11 Administrator Command Line Guide

http://www.symantec.com/docs/DOC7716

Once you have the command prompt open, you will need to navigate to the SEE 11 installation folder, which contains the eeadmincli.exe file...
Typically, C:\program files\symantec\endpoint encryption\drive encryption

From there, the following commands will be useful for you :

eedAdminCli --enum
eedAdminCli --status -
eedAdminCli --status --disk 1    (or any disk number)

and the decrypt command

eedAdminCli --decrypt --disk 1 --au adminuser --ap adminpasswrd

Hi,

How do you know/set the <AdminUserName>? Apparently it is not the same as the Windows admin user name. When I try the command above to decrypt my disk i get the following error message:

Managed Console Admin not registered
Operation start decrypt disk failed:
Error code -12240: User not found

I know I know the password, since I am able to change it in the SEE Manager, but what's the username? I am running in serverless mode...

Thanks,

/Joel