ESET Endpoint Encryption and System Image Deployment
Article ID: KB473

If you wish to use ESET Endpoint Encryption in a system image for deployment, please be aware of the following:

Workstation ID (Duplication)

When activating a managed client, a unique Workstation ID is generated enabling the ESET Endpoint Encryption (EEE) Server management console to communicate with the Workstation.

If a system image is created with an activated EEE client, the EEE Server will have multiple instances of the workstation to communicate with. As commands can only be retrieved by one instance, this will cause multiple issues while trying to control the estate.

To check your Workstation IDs, please see our article below:

KB249 - How does the user find their Workstation ID? 


Full Disk Encryption (Encryption Key Duplication)

When installing a managed client MSI with the Workstation Policy to 'Automatically start encryption after installation' enabled, the Full Disk Encryption Key is generated during the install process. As such, if an already installed MSI is used in a system image the Full Disk Encryption Key will be identical for each subsequent image deployed.

KB441 - Automatically Starting Full Disk Encryption (FDE) 

If you are using an image distribution software package such as Microsoft Deployment Tools (MDT), EEE can be applied without installation or activation. MDT will allow EEE to be installed using MSIExec for each deployment. Please see documentation below: 



You have a duplicated Workstation ID.



You previously had, or currently have, an activated EEE MSI installed on your deployed system image.



Apply the following changes to your system image:

1. Delete 'DLSDBLK0.sys' from C:\windows\system32\drivers\
Note: DLSDBLK0.sys is a hidden system file which is read only, so you will need to adjust the Windows Explorer settings to view it.

2. Remove the activation registry keys from ALL user profiles that have been activated in the image.
See: How to reset the activation process of a managed client

3. Remove ALL users' tokenstore.dat files found in C:\Users\USER\AppData\Local\DESkey\DESlock+\

4. Reboot the workstation.

With this done, EEE should work correctly when the image is applied to other machines.
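
As a pre-capture check for steps 1 and 3 above, the following read-only PowerShell audit lists any leftover DLSDBLK0.sys or tokenstore.dat files on the reference machine. It is an added example, not ESET's own tooling: the function name Find-EeeImageResidue is hypothetical, profiles are assumed to live under C:\Users as in step 3, and the activation registry keys from step 2 are not checked because this article does not list them.

```powershell
# Added example: read-only audit for the file artifacts named in steps 1 and 3.
# Run in an elevated 64-bit PowerShell session; a 32-bit session is redirected
# from System32 to SysWOW64 and would miss the driver file.
function Find-EeeImageResidue {
    param(
        [string]$DriversDir  = (Join-Path $env:SystemRoot 'System32\drivers'),
        [string]$ProfileRoot = 'C:\Users'   # assumption: default profile location
    )

    # Step 1: DLSDBLK0.sys is a hidden, read-only system file, so -Force is needed.
    $driver = Join-Path $DriversDir 'DLSDBLK0.sys'
    if (Test-Path -LiteralPath $driver -PathType Leaf) {
        $f = Get-Item -LiteralPath $driver -Force
        [pscustomobject]@{ Step = 1; Path = $f.FullName; LastWrite = $f.LastWriteTime }
    }

    # Step 3: check every profile, not only the current user. AppData is hidden,
    # and junctions such as "Default User" are skipped to avoid duplicate hits.
    Get-ChildItem -LiteralPath $ProfileRoot -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { -not ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) } |
        ForEach-Object {
            $store = Join-Path $_.FullName 'AppData\Local\DESkey\DESlock+\tokenstore.dat'
            if (Test-Path -LiteralPath $store -PathType Leaf) {
                $f = Get-Item -LiteralPath $store -Force
                [pscustomobject]@{ Step = 3; Path = $f.FullName; LastWrite = $f.LastWriteTime }
            }
        }
}

$residue = @(Find-EeeImageResidue)
if ($residue.Count -gt 0) {
    $residue | Format-Table -AutoSize
    Write-Warning 'Activation residue found: finish steps 1-4 before capturing this image.'
} else {
    Write-Output 'No DLSDBLK0.sys or tokenstore.dat found. Verify the step 2 registry keys separately.'
}
```

An empty result covers only the two file artifacts; a clean image still requires the registry cleanup in step 2 and the reboot in step 4.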

Keywords: MDT stock image gold acronis clonezilla paragon
