The following sections provide a best practice approach to removing Disk Encryption policies that have been deployed to devices.
Deleting a policy automatically removes the policy assignments. However, we recommend that you remove policy assignments before you delete a policy to see if the policy removal has any negative effects on the device. If so, the policy is still available to reassign.
Before uninstalling the ZENworks Adaptive Agent or uninstalling or disabling the ZENworks Full Disk Encryption Agent from a device, remove the Full Disk Encryption policy assignment and refresh the device so that the device is decrypted and the ZENworks PBA (if installed) is removed.
An Emergency Recovery Information (ERI) file enables you to recover the encrypted disk information if problems occur during the removal of the Disk Encryption policy. Verify that the device from which you are removing the policy has a current ERI file.
In ZENworks Control Center, click> .
Click the device to display its details.
The device’s ERI files are displayed in the list. If there are no ERI files, or you are not sure if the ERI file is the most current, go back to thelist, select the check box next to the device, then click > . Wait for the task to complete and then verify that the ERI file is displayed in the device’s ERI list.
When you remove a Disk Encryption policy from a device, the encrypted disks must be decrypted, the encryption drivers removed, and the ZENworks PBA removed. This takes some time and requires multiple reboots of the device. We recommend that you make the user aware of what to expect.