You can issue server-based commands from the Symantec Endpoint Encryption Users and Computers snap-in in the Symantec Endpoint Encryption Management Console, and from reports in the Symantec Endpoint Encryption Reports snap-in. The commands are to encrypt or decrypt fixed disk drives on the computers that:

• Have Microsoft Windows installed
• Have Opal v2 compliant drives
• Have a version of Symantec Endpoint Encryption Full Disk 8.2.1 or later installed
  
  

Server-based commands can be applied to groups of computers, individual computers, or one or more drives on a single computer. If a group does not contain computers—such as groups that contain only users—you receive an error and the command is not issued. The server-based command menu is not available for the Deleted Computers group.

Notes: If a computer has managed drives and unmanaged drives, the command is applied to the managed as well as unmanaged drives.

             If a computer has a Remote Decryption policy enabled, you cannot encrypt the drives. The encrypt command fails silently.

             The server-based commands are not applicable to the Mac FileVault Client computers group.

Once a client computer checks in with Symantec Endpoint Encryption Management Server, it receives the server-based command. The Management Server tries to send the command for up to 30 days. After 30 days, the command expires and is deleted. Commands not yet received by computers can be canceled.

The Symantec Endpoint Encryption Server Command snap-in provides reports on issued commands. It also provides an interface for canceling pending commands.

To issue or cancel a server command from the Symantec Endpoint Encryption Users and Computers snap-in, you must have either the Server Administrator role, or the Policy Administrator role.

To issue or cancel a server command from a report in the Symantec Endpoint Encryption Reports snap-in, you must have the Server Administrator role, or the Policy Administrator role and the Report Administrator role.

To cancel a server command from the Symantec Endpoint Encryption Server Commands snap-in, you must have either the Server Administrator role or the Policy Administrator role. You can issue or cancel server-based commands only for the client computers that belong to the endpoint groups that are assigned to you.

Notes:

• You can issue or cancel server-based commands only for client computers that belong to the endpoint groups that are assigned to you.
• On a client computer, a client administrator or privileged user can locally reverse a server-based command. The reversal can be done by running the appropriate commands from the Drive Encryption Administrator Command Line interface. See Symantec Endpoint Encryption Drive Encryption Administrator Command Line Guide.