Overslaan naar hoofdinhoud

Moving a managed DESlock+ workstation to a new owner - Kennisbank / ESET Endpoint Encryption - ESET Tech Center

Moving a managed DESlock+ workstation to a new owner

Lijst van auteurs

The following guide details the steps to take if a new user is being given ownership of a workstation that is managed by an Enterprise Server and the old user needs to be removed from the machine.

1. Activate the new user

Login under the new Windows profile of the new user on the workstation in question.  When prompted for an activation code activate the user as detailed in the following article:

KB216 - How do I activate a new client (Enterprise Server v2.5.2 or later)?

(Note: As the software is already installed, you can skip the installation part of the article above)

2. Add the new user to Full Disk Encryption

If the system is already full disk encrypted then the new user will require an FDE login on the machine.   This can step be skipped if Full Disk Encryption is not already in place on the machine.

  • Login to the Enterprise Server.
  • Select the Users branch in the left hand navigation tree.
  • Select the new user that was activated on the machine in step 1 in the list of users.
  • Click the Details button.
  • Select the Workstations tab.
  • Select the workstation they activated on in the list of workstations.
  • Click the Goto button to display details of the workstation.
  • Select the FDE Logins tab.
  • Click the Add button.
  • Select the login type then click Next.
  • Select the Email address of the user that was activated in step 1 then click Next.
  • Fill out the required details for the Add FDE Login command then click Add.
  • Synchronise the client workstation for the command to be received then the Enterprise Server as detailed here: How do I manually synchronise the Enterprise Server and DESlock+ client?
  • You should now find the new login is listed in the FDE login tab with a status of OK.
  • You may at this point like to get the new user to reboot the system and verify they can boot through the DESlock+ Preboot screen successfully with their FDE login details.

3. Deactivate the original user

This will remove the original user from the system. 

Important: You will need for the original Windows profile of the user being targeted for deactivation to be loaded in order for this command to be processed successfully.

  • Login to the Enterprise Server.
  • Select the Users branch in the left hand navigation tree.
  • Select the user in the list of users in the Enterprise Server.
  • Click the Details button.
  • Select the Workstations tab.
  • Select the machine that they are being removed from in the list of Workstations.
  • Click the Deactivate button.
  • Set the Are you sure you want to deactivate this user? checkbox to confirm the operation.
  • Click the Deactivate button.
  • Login to the Windows profile of the original user being deactivated, if the user was already logged in click the Enterprise Sync menu item from the DESlock+ menu.  Please see this article for more details: How do I manually synchronise the Enterprise Server and DESlock+ client?
  • On the Enterprise Server click the Proxy Sync button in the lower left corner.

Note: If the user has been deactivated from all the machines they use they will still be using a licence on the Enterprise Server indicated by their icon being blue in colour  If they will no longer require a licence this can be resolved by revoking the users licence from the Enterprise Server as detailed below.

  • Select the Users branch in the left hand navigation tree.
  • Select the user in the list of users in the Enterprise Server.
  • Click the Details button.
  • Click the Revoke licence button.
  • If a message appears detailing that the user only has a single licence, click OK, click Close, ensure the correct user is selected, click Delete, confirm your Enterprise Server password to delete the user.

4. Remove the old users FDE login

This process will only be required if the machine is using Full Disk Encryption.

  • Login to the Enterprise Server.
  • Select the Workstations branch of the navigation tree.
  • Select the Workstation they were previously using in the list of workstations.
  • Click the Details button.
  • Select the FDE Logins tab.
  • Select the old users FDE login in the list of logins (you can use the associated user field to correctly identify the correct login).
  • Click the Remove button.
  • Set the checkbox Are you sure you want to remove usernamethen click the Remove button.
  • The login will change state to Delete Pending.
  • The operation will happen automatically over time.  To speed up the process perform a manual sync of client workstation then Enterprise server as detailed here: How do I manually synchronise the Enterprise Server and DESlock+ client?
  • Once the command has been processed the login will be removed from the list of FDE Logins.

  

Related articles: Removing DESlock+ from a workstation

Reactie toevoegen

Log in of registreer om een reactie te plaatsen.

Heeft u een wachtwoordherinnering nodig?