Decrypt a device using a rule
You can decrypt and remove Disk Encryption Manager from multiple devices. Note that when you decrypt devices, you remove all encryption from all drives. If you need to re-enable decryption, you need to run the encryption process again.
Using a rule, N-able N-central automates the decryption and uninstall of Disk Encryption Manager with no user intervention, ensuring all selected devices automatically have a disk encryption solution removed.
You need to create a filter that selects devices based on the criteria you have for deployed disk encryption.
- Click Configuration > Monitoring > Rules and click Add.
- Enter a Name and Description.
- Click the Devices to Target tab and select the filters to add to the Selected Filters box.
- Click the Network Device Configuration Options tab, then Security Manager.
- From the drop-down next to Disk Encryption Manager, select Uninstall.
- You have the option to Leave the device encrypted or Decrypt all volumes.
- Click OK.
- If creating this rule at the Service Organization level, click the Grant Customers & Sites Access tab and select how to propagate the rule to other customers and sites and select the customer/sites from the list.
- Click Save.
Bitlocker is natively part of the device system. If you chose to remove the Disk Encryption Manager from a device and leave the disk encrypted, you will lose the management capabilities. Ensure you collect all recovery keys before choosing this option. You should ALWAYS obtain the recovery key. N-able does not store or backup recovery keys. If something goes wrong with the decryption, and you removed the device from N-able N-central, there is no way to recall the recovery keys or unlock the drive. N-able N-central stores deleted device recovery keys for 90 days.
Note that decryption cannot occur during a maintenance window.
BitLocker begins the decryption process on the disk drives of selected devices. The user will see a message indicating that the decryption process has started.