Migrate ESET Endpoint Encryption to ESET Full Disk Encryption
As ESET Endpoint Encryption and ESET Full Disk Encryption utilize the same technology for full disk encryption, you can migrate ESET Endpoint Encryption to ESET Full Disk Encryption without decrypting.
|
Before migration, ensure the recovery data is present inside the ESET Endpoint Encryption Server. After migration, you will still have access to the recovery data inside the ESET Endpoint Encryption Server. |
Supported platforms
Platform |
Version |
Supported |
|---|---|---|
Windows x64 |
10/11 |
✔ |
Server |
Any |
X |
Windows on ARM |
Any |
X |
macOS |
Any |
X |
Prerequisites
•Windows x64 computers with ESET Endpoint Encryption and Full Disk Encryption enabled.
•Administrator must have access to ESET Endpoint Encryption Server (EEES).
•All computers for migration must be on, managed by ESET PROTECT On-Prem / ESET PROTECT with connected ESET Management Agent.
•FDE users must exist with recovery passwords, and recovery data must be downloadable.
•Recovery via EEES may be needed if migration fails (for example, in case of power loss).
System requirements
•The system must support UEFI.
•Boot disk must be fully encrypted or encrypting (not decrypting).
•At least one active Full Disk Encryption user (besides administrator) must be logged in via bootloader.
•ESET Endpoint Encryption must be managed and with version 5.4+.
•TPM is supported only if ESET Endpoint Encryption is encrypted using username and password mode.
•The device must not be in maintenance mode, which means Pre-Boot Authentication must be enabled and booted via user credentials.
User selection during migration
The retained user is the last to boot and meets system requirements.
Rules for user selection
•If only one regular user exists, that user is kept.
•If the administrator booted, the last user who booted is kept; if no other user has booted, the first user is kept.
•If a user booted or used recovery, that user is kept.
•If the last user no longer exists, the first user is kept.
•If no valid user is available, the migration process will fail.
|
•ESET Full Disk Encryption supports only a single pre-boot user; others are removed. •The administrator must ensure that the desired user boots Windows before migration. •Migration fails if only the administrator remains. •Migration temporarily disables Pre-Boot Authentication for one reboot. •All non-FDE features (encrypted files, virtual disks, removable media, email encryption) will be lost; users must decrypt granular data before migration. •When ESET Full Disk Encryption replaces ESET Endpoint Encryption, the only way to access granular data will be by reinstalling ESET Endpoint Encryption on a new computer or by decrypting ESET Full Disk Encryption, uninstalling it and then reinstalling ESET Endpoint Encryption. •Single sign-on will be disabled until migration is complete and ESET Full Disk Encryption policy re-enables it. |
Perform migration
|
Ensure that the computer to migrate has the ESET Management Agent installed, is on, and is visible and connecting in the ESET PROTECT On-Prem / ESET PROTECT Computers section. |
1.Create a new Client Task > Software Install.
2.Set to install ESET Full Disk Encryption 2.3 or later.
3.In the Installation Parameters section, add EEEMIGRATION=1.
4.Run the task on the target computer.
Follow the Install and Reboot
•If ESET Full Disk Encryption is not licensed, migration will occur automatically, but Pre-Boot Authentication will be disabled. If ESET Full Disk Encryption is licensed, migration will occur automatically, without user interaction.
•ESET Full Disk Encryption policy is not considered until after the migration.
•ESET Full Disk Encryption will require an active ESET Full Disk Encryption subscription that is not expired, final conversion will not take place otherwise.
Migration success criteria
•ESET Full Disk Encryption replaces ESET Endpoint Encryption, retains one user, and applies the specified policy.
•Drives that are not encrypted (for example, secondary drives) will be encrypted according to the ESET Full Disk Encryption policy.