When you unregister a device from its zone, the Full Disk Encryption Agent continues to enforce the Disk Encryption policy. Encrypted volumes remain encrypted and the ZENworks PBA (if it is enabled in the policy) continues to provide pre-boot authentication.
If you the register the device in a zone where Full Disk Encryption is not active (or the Full Disk Encryption Agent is disabled or not installed), the Disk Encryption policy and the Full Disk Encryption Agent are removed from the device. Encrypted volumes are decrypted and the ZENworks PBA is removed.
To move a device:
Unregister the device. See Unregistering a Device
in the ZENworks 11 SP3 Discovery, Deployment, and Retirement Reference.
After the device is unregistered, the Full Disk Encryption agent continues to enforce the Disk Encryption policy. Encrypted volumes remain encrypted and the ZENworks PBA (if it is enabled in the policy) continues to provide pre-boot authentication.
Register the device in the new zone. See Manually Registering a Device
in the ZENworks 11 SP3 Discovery, Deployment, and Retirement Reference.
After the device registers in the zone, the Disk Encryption policy is removed and the Full Disk Encryption Agent decrypts any encrypted volume. The ZENworks Adaptive Agent then uninstalls or disables the Full Disk Encryption Agent.