Skip to main content

Removing DESlock+ from a workstation - Kennisbank / ESET Endpoint Encryption - ESET Tech Center

Removing DESlock+ from a workstation

Authors list

Sometimes you may need to completely remove DESlock+ from a system because it is being replaced.  The instructions below describe this process for standalone or managed systems.

 

1. Decrypt data on the system

Granular Data

Note: If the system is to be used again after reinstalling or possibly by another user with the same encryption keys then this step may not be required.  If this is the case and the system is not managed by an Enterprise Server you should ensure you take a backup of the key-file as detailed here: How do I backup my Key-File?

Encrypted Folders

  • Right click on the Encrypted Folder.
  • Click DESlock+\Decrypt Folder with DESlock+...
  • Follow the steps through the wizard to create a decrypted copy. 
  • If the check box Leave encrypted backup is cleared on the final page of the wizard the encrypted copy will be removed automatically. 
  • Alternatively the folder with the name ending (DLP Backup) can be deleted manually once you are happy the data has decrypted successfully.

Encrypted Files

  • Right click the Encrypted File.
  • Click DESlock+\Decrypt file with DESlock+... 
  • If you want the original file deleted automatically click Yes to the offer to delete the encrypted version when offered. 
  • Alternatively click No and delete the encrypted version once you are happy the decryption has happened successfully.

Encrypted Archives

  • Open the Encrypted Archive.
  • Right click the archive name in the tree and then click Extract Archive.
  • Select a destination path and click OK to extract the archive contents. 
  • Once you have verified the extracted folder contains the files you require the archive can be deleted.

Virtual Disks

  • Mount the virtual disk and copy any data you require from it
  • Right click the DESlock+ tray icon.
  • Click Virtual Disks\Virtual Disk Manager.
  • Select the virtual disk in the list, click Unmount if it is currently mounted.
  • Click Delete.
  • Click Delete.

Removable Media

  • If the removable media is encrypted in file mode then you should first ensure you copy any required data from the encrypted folder as the removal process will delete it.
  • Right click the DESlock+ tray icon.
  • Click Removable Media\Removable Media Encryption.
  • Select the encrypted disk in the drive list.
  • Click the Decrypt or Remove button.
  • If the device was encrypted with file mode you will be prompted that all encrypted files will be deleted.
  • If the device was encrypted with full disk encryption mode decryption will commence.  You will need to wait until decryption has completed to use the device again.

Note: If you have any encrypted optical media that you require access to again then you should take plain copies of the data before removing DESlock+.

 

Full Disk Encryption 

Standalone

  • Login to DESlock+.
  • Right click on the DESlock+ tray icon.
  • Click the Full Disk Encryption\Full Disk Encryption item.
  • Click Manage Disks.
  • Select the disk or partition to decrypt then click the Decrypt button.
  • Enter the FDE admin password then click OK to commence decryption.  This will have been saved when you originally encrypted the machine.  Please see here for details: Why do I need an admin password?
  • The system can be used as normal while decryption is progressing.  If the machine is a laptop ensure that power is connected to prevent decryption from pausing.  You should also ensure any power saving settings are disabled temporarily to ensure decryption finishes if the machine is left unattended.

Managed by an Enterprise Server

  • Login to the Enterprise Server.
  • Select the Workstation in the list of workstations
  • Click the Details button.
  • Verify that the WorkstationID value displayed matches with the Workstation ID on the client.  To find the Workstation ID on the client see this article: How do I find my Workstation ID?
  • Click the Full Disk Encryption button.
  • Click Decrypt next to the disks you wish to decrypt.
  • Click the Decrypt button in the lower right corner of the dialog.
  • The command will be received automatically over time, to speed up the process see this guide: How do I manually synchronise the Enterprise Server and DESlock+ client?
  • The system can be used as normal while decryption is progressing.  If the machine is a laptop ensure that power is connected to prevent decryption from pausing.  You should also ensure any power saving settings are disabled temporarily to ensure decryption finishes if the machine is left unattended.
  • Wait for the decryption process to complete fully and the status of the workstation to return to not encrypted in the Enterprise Server.


2. Deactivate users of the machine (Managed clients)

This step is only required by workstations managed by an Enterprise Server.

  • Login to the Enterprise Server.
  • Select the Users branch in the left hand navigation tree.
  • Select the user in the list of users in the Enterprise Server.
  • Click the Details button.
  • Select the Workstations tab.
  • Select the machine that is being refreshed in the list of Workstations.
  • Click the Deactivate button.
  • Set the Are you sure you want to deactivate this user? checkbox to confirm the operation.
  • Click the Deactivate button.
  • Login to the Windows profile of each user being deactivated and click the Enterprise Sync button as detailed previously.

This above process should be repeated for all users of the machine.

Note: If the user has been deactivated from all the machines they use they will still be using a licence on the Enterprise Server indicated by their icon being blue in colour  If they will no longer require a licence this can be resolved by revoking the users licence from the Enterprise Server.

  • Select the Users branch in the left hand navigation tree.
  • Select the user in the list of users in the Enterprise Server.
  • Click the Details button.
  • Click the Revoke licence button.
  • If a message appears detailing that the user only has a single licence, click OK, click Close, ensure the correct user is selected, click Delete, confirm your Enterprise Server password to delete the user.


3. Uninstall software

Uninstall the software using the Windows Programs and Features control panel as detailed here: Uninstalling DESlock+ 

 

Keywords: decommission, destroy, migrate

Add a comment

Please log in or register to submit a comment.

Need a password reminder?