How to remotely disable a workstation
|
|||
It is possible to use settings and commands from the ESET Endpoint Encryption Server (EEE Server) to disable access to data on a workstation. This can be useful if a machine is lost or stolen. These options are only available for Workstations that are under the management of an EEE Server.
Deletion of encryption keys (Deactivation)The encryption keys within a users key-file provide access to granular encrypted data (e.g. Encrypted Files, Encrypted Folders, Encrypted Removable Media, Encrypted Emails etc.). By using the deactivate command the users key-file will be deleted removing access to their copies of the encryption keys. In order for the command to be received the target machine must be connected to the Internet and logged in to the Windows profile that contains the users key-file. To send a deactivate command follow the steps below:
It is possible to reactivate a machine in the future that has been deactivated to regain access to granular encrypted data if required.
Disabling of a full disk encrypted system (Disable)If a machine is full disk encrypted then the FDE logins can be removed to prevent the machine from being able to be started using those credentials. When removing the logins you can choose to leave the FDE admin login if required so that the login can still be used to start the machine. This process also has the option to force the machine to reboot upon processing the command so any user currently using the system will be stopped from using the machine. The disable command requires that the machine is connected to the Internet in order for the command to be received. It is important to note that if a machine has been disabled and all FDE logins removed it will not be possible to access any of the data on that system. Note: to gain entry into a disabled workstation you will need to carry out a manual recovery, please see our article below: KB346 - ESET Endpoint Encryption Full Disk Encryption Recovery Overview
To send a disable command follow the steps below:
Timed expiryThe Workstation Policy contains options to force the client to disable automatically if it is unable to contact the EEE cloud for a specified period of time. It is important to note that you should use these options with caution. If for some reason the machine is unable to access the cloud for the specified period of time the disable action will be performed. Therefore if you intend to use the options they should be set with an amount of leeway to allow for network problems, user vacations, machine repairs and other unexpected events that could delay connection to the cloud. The settings that control this capability are within the Server Communication Settings section of Workstation Policy. The relevant options are detailed below:
For details of the process to modify a workstation policy, please see this article: How do I modify workstation policy?
keywords: remotely disable workstation disabling | |||
|