Disabling McAfee Drive Encryption

Owned by George Moore (Deactivated)
Last updated: Mar 11, 2014Version comment

Overview

In some cases, such as OS upgrades or service pack installations, drive encryption may need to be disabled. Use the following process to disable drive encryption.

If the computer is not booting properly or you cannot get past the pre-boot authentication, you will need to perform an emergency recovery.

Process

  1. The FSP should first log into the ePO Console.
  2. Once logged in, select menu in the top left, then select System Tree under the Systems Section.
  3. Select My Organization from the left hand system tree, then change preset to "This Group and All Subgroups"
  4. In the search box, enter the name of the computer you wish to disable drive encryption on.
  5. Check the check box next to the computer name, and select Actions->Tag->Apply Tag
  6. Select Remove_MDE from the tag list and click ok.
  7. Upon next policy enforcement, the computer will start the decryption process. The McAfee agent will still be installed with disk encryption but encryption will be disabled. To re-enable encryption, simply check the box next to the computer name in the system tree, then click Actions->Tag->Clear Tag-> to remove the Remove_MDE tag.
  8. To completely remove the McAfee agent, select the check box next to the computer name, and click Actions->Directory Management->Delete->Remove Agent on next Agent-Server Communication.
  9. The computer object will show back up in the system tree after the next AD sync (it runs every hour)

To enable MDE again, simply check the box next to the computer and select Actions->Tag->Clear Tag to delete the Remove_MDE tag

Information on the Tufts IT Knowledgebase is intended for IT Professionals at Tufts.
If you have a question about a Tufts IT service or computer/account support, please contact your IT support group.