2.3 Deleting ERI Files

Any time new encryption settings are applied to a device, the Full Disk Encryption Agent generates an emergency recovery information (ERI) file and uploads it to the ZENworks Primary Server. Previous ERI files for the device are retained on the ZENworks Primary Server, even after the device is unregistered, deleted, or retired from the zone.

If you decide that you no longer need all or some of a device’s ERI files, you can delete them.

2.3.1 Deleting ERI Files in ZENworks Control Center

  1. In ZENworks Control Center, click Full Disk Encryption.

  2. Under FDE Agent Management, click Emergency Recovery Information.

  3. In the list, locate the device whose ERI files you want to delete.

    Files are listed by device name and date. You can use the Search box to find all ERI files associated with a specific device.

  4. Select the check boxes next to the ERI files to delete, then click Delete.

2.3.2 Deleting ERI Files Using the zman Utility

  1. At a ZENworks Primary Server command prompt, enter the following command:

    zman fdepolicy-purge-eri (fpe) [(device path)(device path)...(device path)] [-b|--begin-date=yyyy-MM-dd HH:mm:ss] [-e|end-date=yyyy=MM-dd HH:mm:ss] [-u|--unregisteredDevices]

    The options are:

    [(device path) (device path) ... (device path)]: To purge the ERI files for specific devices, specify the full path for each device. Ignore this option to purge files for all devices.

    [-b|--begin-date=yyyy-MM-dd HH:mm:ss]: To purge ERI files starting with a specific date, specify the begin date. All files with a time stamp on or after the begin date are purged. Use this option with the end-date option to designate a specific time period.

    [-e|--end-date=yyyy=MM-dd HH:mm:ss]: To purge ERI files up to a specific date, specify the end date. All files with a time stamp on or before the end date are purged. Use this option with the begin-date option to designate a specific time period.

    [-u|--unregisteredDevices]: Purge ERI files for devices that are no longer registered in the zone but that still have ERI files in the ZENworks database.

    The following example purges all ERI files for device1:

    zman fpe /Devices/Workstations/device1

    The following example purges all ERI files for device1 that were created between the two specified dates:

    zman fpe /Devices/Workstations/device1 -b "2011-10-10 10:10:10" -e "2011-12-31 24:00:00"

    The following example purges all ERI files not associated with a registered device:

    zman fpe -u

    The following example purges all ERI files for all devices:

    zman fpe