Administrator Guide
Uninstall Encryption and Encryption on Server
Operating System
● To reduce decryption time, run the Windows Disk Cleanup Wizard to remove temporary files and other unneeded data.
● Plan to decrypt overnight, if possible.
● Turn off sleep mode to prevent an unattended computer from going to sleep. Decryption cannot occur on a sleeping
computer.
● Shut down all processes and applications to minimize decryption failures because of locked files.
● Once the uninstall is complete and decryption is in progress, disable all network connectivity. Otherwise, new policies may be
acquired that re-enable encryption.
● Follow your existing process for decrypting data, such as issuing a policy update.
● Encryption and Encryption External Media update the Dell Server to change the status to Unprotected at the beginning of a
client uninstall process. However, in the event that the client cannot contact the Dell Server, regardless of the reason, the
status cannot be updated. In this case, you will need to manually Remove Endpoint in the Management Console. If your
organization uses this workflow for compliance purposes, Dell recommends that you verify that Unprotected has been set as
expected, either in the Management Console or Managed Reports.
Process
● Before beginning the uninstall process, see (Optional) Create an Encryption Removal Agent Log File. This log file is
useful for troubleshooting an uninstall/decryption operation. If you do not intend to decrypt files during the uninstall process,
you do not need to create an Encryption Removal Agent log file.
● The Key Server (and Security Management Server) must be configured prior to uninstallation if using the Encryption
Removal Agent's Download Keys from Server option. See Configure Key Server for Uninstallation of Encryption Client
Activated Against Security Management Server for instructions. No prior action is needed if the client to uninstall is
activated against a Security Management Server Virtual, as Security Management Server Virtual does not use the Key
Server.
● You must use the Dell Administrative Utility (CMGAd) prior launching the Encryption Removal Agent if using the Encryption
Removal Agent's Import Keys from a file option. This utility is used to obtain the encryption key bundle. See Use the
Administrative Download Utility (CMGAd) for instructions. The utility can be located in the Dell installation media.
● Run WSScan to ensure that all data is decrypted after uninstallation is complete, but before restarting the computer. See
Use WSScan for instructions.
● Periodically Check Encryption Removal Agent Status. Data decryption is still in process if the Encryption Removal Agent
service still exists in the services panel.
Command Line Uninstallation
● Once extracted from the master installer, the Encryption installer can be located at C:\extracted\Encryption
\DDPE_XXbit_setup.exe.
● The following table details the parameters available for the uninstallation.
Parameter
Selection
CMG_DECRYPT Property for selecting the type of Encryption Removal
Agent installation:
3 - Use LSARecovery bundle
2 - Use previously downloaded forensics key material
1 - Download keys from the Dell Server
0 - Do not install Encryption Removal Agent
CMGSILENTMODE Property for silent uninstallation:
1 - Silent - required when running with msiexec variables
containing /q or /qn
Uninstall Using the Child Installers 53