Unmanaged WDE to Managed WDE (without decryption)
Created: 06 Mar 2013 • Updated: 15 Apr 2013 | 2 comments
This issue has been solved. See solution.
I'd appreciate any ideas on the following scenario.
I'm dealing with some unmanaged encrypted disks; however, we're now moving to a managed environment. It would be really good (in terms of time) to find a way to turn those unmanaged encrypted disks into managed encrypted disks without decryption.
I've done some tests and deployed the policies created in the Encryption server to the unmanaged disks; we didn't decrypt the disks (to save a lot of time). The policy establishes deployment of SKM + ADK + disk admin passphrase + SSO integration. The unmanaged disks have their own admin and user. Therefore, after installing the agent generated from the EncServer (without uninstalling the previous one), we can see all of these users, "old" and "new", in Encryption Desktop. BUT the problem is that I cannot manually delete the old users, we cannot manually add new users, and, worst of all, we cannot decrypt the disk with any user, old or new.
I'm also thinking that the policy from the Encryption server says to encrypt the Windows partition, while the unmanaged deployment said to encrypt the whole disk; this might cause some "conflicts".
Any help would be much appreciated.