5.2 Moving a Device to a Zone Where Full Disk Encryption Is Active

When you unregister a device from its zone, the Full Disk Encryption Agent continues to enforce the Disk Encryption policy. Encrypted volumes remain encrypted and the ZENworks PBA (if it is enabled in the policy) continues to provide pre-boot authentication.

If you then register the device in another zone (or reregister it in the same zone) and assign a Disk Encryption policy to the device, the Full Disk Encryption Agent enforces the new policy. If the new policy uses the same encryption settings (algorithm, key length, and so forth) as the device’s current policy, no encryption changes take place. If the new policy has different encryption settings, any encrypted volumes are decrypted and then re-encrypted using the new encryption settings.

To move a device:

  1. Unregister the device. See Unregistering a Device in the ZENworks 11 SP3 Discovery, Deployment, and Retirement Reference.

    After the device is unregistered, the Full Disk Encryption Agent continues to enforce the Disk Encryption policy. Encrypted volumes remain encrypted and the ZENworks PBA (if it is enabled in the policy) continues to provide pre-boot authentication.

  2. Register the device in the new zone. See Manually Registering a Device in the ZENworks 11 SP3 Discovery, Deployment, and Retirement Reference.

    After the device registers in the zone, the Full Disk Encryption Agent continues to enforce the Disk Encryption policy that is already on the device. However, because that policy is not assigned to the device through the zone, you cannot modify it in ZENworks Control Center.

  3. (Optional) Assign a new Disk Encryption policy to the device.

    If you want to manage the Disk Encryption policy for the device, you need to assign a new policy that exists in the zone. To ensure that the device’s volumes are not decrypted and then encrypted again, make sure the new policy uses the same encryption settings (algorithm, key length, and so forth) as the device’s current policy.