To move a device to a zone where Endpoint Security Management is active and the Endpoint Security Agent is an enabled feature for the ZENworks Adaptive Agent:
Unregister the device. See ZENworks 11 SP2 Discovery, Deployment, and Retirement Reference.
This clears all security policies and removes the device as a registered device in the zone.
Register the device in the new zone. See ZENworks 11 SP2 Discovery, Deployment, and Retirement Reference.
If the device had a Date Encyption policy applied to it in the old zone, do the following to support the encrypted files in the new zone:
Export the data encryption keys from the old zone and import them into the new zone. See ZENworks 11 SP2 Endpoint Security Policies Reference.
Assign a Data Encryption policy to the device that satisfies the following requirements:
Defines the device’s folders that have encrypted files as Safe Harbor folders. The new Data Encryption policy should have the same Safe Harbor folders as the old Data Encryption policy. For example, if the device has encrypted files in the c:\encrypted_files folder, define it as a Safe Harbor.
Enables user-defined Safe Harbor folders (if the old policy supported this). This allows the user to have access to the encrypted files in any user-defined Safe Harbors on the device.