I'd like an answer to this as well.
I wrote a batch script that queries the regkey "HKLM\Software\Encryption Anywhere\Hard Disk\EAFS\Disk0" and captures the state of the following 4 values:
- DecryptionInProgress
- EncryptionInProgress
- StatusDecrypted
- StatusEncrypted
This key is normally inaccessible to the user but you can raise the permissions by granting Full Control to that key to an account or group that has local admin rights on that machine.
Actually I found through trial and error that I need to grant permissions to the Disk0 key and the EAFS key above it.
I use the fantastic freeware SETACL64.EXE tool to do this (http://helgeklein.com/setacl).
So the actual commands in the script are:
- setacl64.exe -on "\\%_REMPCNAME%\hklm\software\encryption anywhere\hard disk\eafs" -ot reg -actn ace -ace "n:%_SEEREGELEV%;p:full" -silent
- setacl64.exe -on "\\%_REMPCNAME%\hklm\software\encryption anywhere\hard disk\eafs\disk0" -ot reg -actn ace -ace "n:%_SEEREGELEV%;p:full" -silent
Where %_REMPCNAME% is the name of the remote client and %_SEEREGELEV% is the domain account or group that has local admin rights.
Also, I use Sysinternals PSEXEC to actually execute SETACL64 remotely in the System context.
While all this works tolerably well, it's not optimized for speed. I am curious if Symantec has a better solution.
Roland