milicm.blogg.se - Bypass symantec encryption desktop

#BYPASS SYMANTEC ENCRYPTION DESKTOP DRIVERS#
#BYPASS SYMANTEC ENCRYPTION DESKTOP UPGRADE#
#BYPASS SYMANTEC ENCRYPTION DESKTOP FULL#

It took me some man hours to identify that SED needed to be upgraded because Windows 10 20H2 setup did not flag SED as a blocker during comaptibility scans or even during the upgrade. However, with 3rd party security solutions, one will need to check for compatibility. Now, Microsoft security solutions like Defender, Bitlocker are natively compatible with newer Windows 10 OS versions and support In-place upgrades out of the box. $CCMTemplate = “$( $env:windir) CCMSetupCompleteTemplate.cmd”Ĭopy-Item -Path $CCMTemplate -Destination “$( $env:windir) CCMSetupCompleteTemplate.Recently I worked on a project that involved upgrading Windows 10 OS version to 20H2 on devices encrypted by Symantec Encryption Desktop.

$PGPFile = Get-Content -Path “$( $PGPDest) SetupComplete.cmd” Value( “OSDSetupAdditionalUpgradeOptions”) = “/ReflectDrivers $( $PGPDest) “ $CMDFiles = “$( $ScriptPath) Win7″ | Get-ChildItemĬopy-Item “$( $CMDFile. # Set the OSDSetupAdditionalUpgradeOptions task sequence variable Name | Stop-Process -ForceĬopy-Item $Driver. $FSO = New-Object -ComObject Scripting.FileSystemObject $PGPDest = “$( $env:SystemDrive) PGPTemp” $PGPSrc = “$( $env:windir) System32drivers”

#BYPASS SYMANTEC ENCRYPTION DESKTOP DRIVERS#

# Copy the encryption drivers if they exist $ScriptPath = Split-Path -Parent $MyInvocation.

Skatterbrainz has a ConfigMgr Health Check PowerShell module that works exceedingly well.

A healthy and functional Configuration Manager Hierarchy.

Decryption takes waaayyyy too long, and isn’t a valid option with the requirements given by the customer.īased upon the customer requirements and the options chosen, we will need the following items to build our solution:.

Symanted Encryption Server didn’t have an option to suspend encryption.

“Nuke and Pave” might take additional dev time to determine “What is user data?” for USMT to be right.

Ultimately, we chose option F (a combination of options B and E).

Use a varying combinations of the above options.

Leverage the “/ReflectDrivers” command-line option.

Include the encryption drivers by modifying the setup command-line.

Restore user files and data from network location (USMT).

Delete all partitions on the physical disk.

Capture user files and data to a network location (USMT).

Nuke and Pave (treat it like bare metal or replacement scenario).

To achieve the goal, we have some options available to us (there may be more than I’ve listed here, but you get it):

#BYPASS SYMANTEC ENCRYPTION DESKTOP UPGRADE#

Our solution needs to leverage SCCM and an In-Place Upgrade Task Sequence. They also use SCCM for endpoint management, software deployment and OSD. Their goal was to upgrade all Windows 7 clients to Windows 10 (Current Branch) without decrypting the volume, if possible.

#BYPASS SYMANTEC ENCRYPTION DESKTOP FULL#

The most recent customer was running Windows 7 with Symantec Desktop Encryption (complete with the server component for management) for full disk encryption. And yes, I prefer the Microsoft solution for its ease of management and integration points. Either that or they implemented prior to BitLocker being ready for prime time and never bothered to change the solution. “Why?”… well… it’s most likely that they have a really good Symantec sales rep. Recently, I’ve had a few customers who use full disk encryption from Symantec (Symantec PGP, Symantec Endpoint Encryption, or Symantec Desktop Encryption) on client computers instead of Microsoft BitLocker.