Creating a de-initialization policy
This section details how to create a de-initialization policy for the FDE component only.
You need to know the configuration of the target computer before deployment. Details such as the number of partitions, drive letters, whether the drives are encrypted, and so on are necessary for the successful deployment of Matrix42 Full Disk Encryption. Once the policy is created, deploy it; for details, see Deploying FDE policies.
Follow the steps below to create an FDE de-initialization policy:
- Open the Control Center (as described in section 1.5).
- Double-click the Policy Builder icon.
- Select Full Disk Encryption policy builder.
- The FDE Policy Builder Welcome dialog appears.
- Click Next.
- The Policy selection dialog appears.
- Select Create a new policy.
- The Policy type dialog appears.
- Select Create a deinitialization policy and click Next.
- The Deinitialization options dialog appears.
Option | Details |
---|---|
Decrypt all encrypted drives (No password required) | Check this option to decrypt all partitions encrypted by Matrix42 Full Disk Encryption. This option is only valid if none of the decrypted drives requires key input for decryption. Partitions that require key input for decryption can only be decrypted with the Decrypt specific drives or Decrypt by undoing an encryption policy options. |
Decrypt specific drives | Check this option to decrypt specific partitions encrypted by Matrix42 Full Disk Encryption. If you select this option, you will be prompted to select the drive to be decrypted. Click Set decryption options to enter the decryption specifics. If a decryption password is required, enter and confirm the password as well as the key length, and click OK. |
Decrypt by undoing an encryption policy | Check this option to decrypt any partition (except the partitions encrypted with a random key) encrypted via a configuration or initialization policy. If you select this option, you will be prompted to locate the encryption policy used on the target computer. Click ‘…’ to open the file browser, locate the policy, and press Next to continue with the steps below. The policy content will automatically be displayed in each dialog. |
Deinitialize Full Disk Encryption | Check this option to temporarily deactivate (not remove) the full disk encryption component. |
Remove the product | Check this option to remove Matrix42 Full Disk Encryption from the target computer. This will automatically include the Deinitialize Full Disk Encryption option. When removing the product, please ensure that PBA is not initialized and that there are no encrypted drives on the target computer(s). If PBA is initialized or an encrypted drive exists, an error will occur during policy processing. It is therefore recommended to also check the PBA status and select the option Decrypt all encrypted drives if you want to access your data after Matrix42 Full Disk Encryption has been removed. |
- Once you have made your selection, click Next to continue.
Any option you check in this dialog will affect the dialogs that appear hereafter! The following steps assume that you have checked every option to configure every detail! If you have not checked some options and have reached one of the steps here that does not match that on your monitor, then skip the step(s) until you come to the correct dialog!
Policy Messages Options
- The Policy messages options dialog appears. The messages below are shown only on computers with Windows versions below Windows 10.
- This dialog allows you to define the following installation messages:
Option | This option determines if... |
---|---|
Show status dialogs | … status dialogs should be displayed on the target computer during policy deployment. |
Show warning messages | … warning messages should be displayed on the target computer during policy deployment. If you do not select this option, warning messages are suppressed. |
Show error messages | … error messages should be displayed on the target computer during policy deployment. If you do not select this option, error messages are suppressed. |
Show success messages | … success messages should be displayed on the target computer that relate to individual policy tasks during deployment. |
Show other messages | … information messages should be displayed on the target computer during and after policy deployment. If you do not select this option, information messages are suppressed. |
- Make your selection and click Next to continue.
Administration Password
- The Administration password (target computer) dialog appears:
- Enter and confirm the Matrix42 Full Disk Encryption administration password already set on the target computer. Click Next to continue.
Policy location
- The Policy location dialog appears.
The following options are available:
Option | Details |
---|---|
Policy file path | Enter the path for the policy in this field by clicking ‘…’ and selecting a location and filename for the file in the file browser. |
Create an unencrypted copy of the policy | Check this option to create an unencrypted copy of the policy (recommended for reconfiguration). If you want to reconfigure a computer that has already been configured using a policy, then check this option; the Policy Builder can only open an unencrypted policy to edit the settings. |
Plain copy of policy | Enter the path for the plain copy of the policy in this field by clicking ‘…’ and selecting a location and filename for the file in the file browser. |
- Enter the paths for your policy and click Finish to complete the procedure.
- It is recommended to always store plain copies in a safe place. Use the plain copies to create new policies for future changes in configuration.
- For security reasons, encrypted policies cannot be edited with the FDE Policy Builder.
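A pre-flight check for the option combinations in the Deinitialization options table, as an added example that is not Matrix42 code: it reports when Decrypt all is not valid and when Remove the product would fail. The Drive model, its field names and the sample inventory are constructed, and it assumes the decryption options complete before removal is attempted.

```python
from dataclasses import dataclass

@dataclass
class Drive:                      # constructed model; field names are hypothetical
    letter: str
    encrypted: bool
    needs_key: bool = False       # decryption requires key/password input
    random_key: bool = False      # partition was encrypted with a random key
    via_policy: bool = True       # encrypted via a configuration/initialization policy

def preflight(drives, pba_initialized, decrypt_all=False, specific=(),
              undo_policy=False, remove=False):
    """Return the problems the chosen de-initialization options would hit."""
    problems = []
    encrypted = {d.letter: d for d in drives if d.encrypted}
    remaining = dict(encrypted)   # drives still encrypted after the decrypt options

    if decrypt_all:
        keyed = sorted(l for l, d in encrypted.items() if d.needs_key)
        if keyed:
            problems.append("Decrypt all: key input required for " + ", ".join(keyed))
        else:
            remaining.clear()
    for letter in specific:
        if letter not in encrypted:
            problems.append(f"Decrypt specific drives: {letter} is not encrypted")
        remaining.pop(letter, None)
    if undo_policy:
        for letter, d in encrypted.items():
            if d.via_policy and not d.random_key:
                remaining.pop(letter, None)
    if remove:
        # Assumption: decryption completes before removal is attempted.
        if pba_initialized:
            problems.append("Remove the product: PBA is initialized")
        if remaining:
            problems.append("Remove the product: still encrypted: "
                            + ", ".join(sorted(remaining)))
    return problems

# Constructed inventory of one target computer.
SAMPLE = [Drive("C", True), Drive("D", True, needs_key=True),
          Drive("E", True, random_key=True), Drive("F", False)]

if __name__ == "__main__":
    for issue in preflight(SAMPLE, pba_initialized=True, decrypt_all=True, remove=True):
        print(issue)
```

An empty result means the selected options are consistent with the inventory that was supplied; it does not query the target computer.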