How to uninstall Symantec Endpoint Encryption (SEE) if it was deployed through a Group Policy Object (GPO)
search cancel

How to uninstall Symantec Endpoint Encryption (SEE) if it was deployed through a Group Policy Object (GPO)

book

Article ID: 151420

calendar_today

Updated On:

Products

Endpoint Encryption Desktop Email Encryption Drive Encryption Encryption Management Server File Share Encryption Gateway Email Encryption Policy Based Encryption

Issue/Introduction

How can SEE be uninstalled if deployed through a GPO?

Environment

SEE 11.4 MPX, SEE 12, SEE 12.0.1

Resolution

Important Note: It is not usually recommended to decrypt drives.  Decrypting drives could leave the system in a vulnerable state and should be done only with special considerations such as the following:

*Where the machine is located (inside of a secured location our out in the wild). 
*What the reason for decrypting is? Is it a troubleshooting step? 
Typically, decrypting is not necessary for most troubleshooting and may be more risky than it's worth.

*Are you decrypting to upgrade Windows?  This is not needed as our software has functionality to accommodate this seamlessly. 
179265 - Automatically upgrade Windows 10/11 systems encrypted with Symantec Endpoint Encryption (SEE)

*Are you trying to upgrade the SEE Client?  Decrypting is not necessary in order to upgrade the SEE Client. 
252118 - Installing and Upgrading the Symantec Endpoint Encryption Client (Deployment of SEE Client)

*Decrypting systems remotely has inherent risks associated to it, and it is better to decrypt while working on the system in front of you to ensure security.
153530 - Best Practices: Symantec Endpoint Encryption and Symantec Drive Encryption

If you are thinking about decrypting systems remotely, it is best to reach out to Symantec Encryption Support for further guidance.  

 

There are a couple of ways this can be accomplished:

Manual uninstall:
  1. The installation policy must be removed from the computer. This will prevent an automatic reinstallation of the policy.
  2. If there is a policy in place that forces the drive to stay encrypted, this will need to be removed.
  3. A Client Admin can login and decrypt the drive.
  4. Once the drive is decrypted, the software can be removed through Add/Remove Programs.


GPO uninstall:
  1. Create an Organization Unit (OU) which will contain the computers that need to have SEE removed.
  2. Within that OU, create a policy to decrypt the machine.
  3. Create a policy to remove the software that will run once it's decrypted. If the computer is given enough time, it will decrypt and remove the software on its own.
  4. If instructions are needed for removing a package via GPO, please see the "Remove a Package" heading in the following Microsoft knowledge base article: http://support.microsoft.com/kb/816102.





 

Powered by Wolken Software