[KB7418] Moving a managed ESET Endpoint Encryption workstation to a new owner

Issue

• The following guide details the steps to take if a new user is given ownership of a workstation managed by an ESET Endpoint Encryption (EEE) Server and the old user needs to be removed from the machine.

Solution

Activate the new user

1. Login under the new Windows profile of the new user on the workstation in question. When prompted for an activation code, activate the user as detailed in the following article: [KB7157] Activate ESET Endpoint Encryption Client using ESET Endpoint Encryption Server

Add the new user to Full Disk Encryption

If the system is already full disk encrypted, then the new user will require an FDE login on the machine. This can be skipped if Full Disk Encryption is not already in place on the machine.

1. View the Workstation Details of the Workstation. 
2. Select the FDE Logins tab.
3. Click the Add button.

4. Select the login type, then click Next.
5. Select the Email address of the user that was activated during the "Activate a new user" steps above, then click Next.
6. Fill out the required details for the Add FDE Login command, then click Add.

7. Synchronize the client workstation to receive the command, then the EEE Server.
8. You should now find the new login listed in the FDE login tab with a status of OK.
9. At this point, you may like to get the new user to restart the system and verify they can successfully boot through the ESET Endpoint Encryption (EEE) Preboot screen with their FDE login details.

Deactivate the original user

This will remove the original user from the system. 

Important: You will need the original Windows profile of the user being targeted for deactivation to be loaded for this command to be processed successfully.

1. View the User Information of the User.
2. Select the Workstations tab.
3. Select the machine they are being removed from in the list of Workstations.
4. Click the Deactivate button.

5. Set the Are you sure you want to deactivate this user? checkbox to confirm the operation.
6. Click the Deactivate button.

7. Log in to the Windows profile of the original user being deactivated. If the user is logged in, click the Proxy Sync menu item from the EEE menu.
8. On the EEE Server, click the Proxy Sync button in the lower left corner.

Note: If the user has been deactivated from all the machines they use, they will still be using a license on the EEE Server, indicated by their blue icon. If they will no longer require a license this can be resolved by revoking the user license from the EEE Server, as detailed below.

9. Select the Users branch in the left-hand navigation tree.
10. Select the user in the list of users in the EEE Server.
11. Click the Details button.
12. Click the Suspend license button.

13. Click Yes to suspend the license.

Remove the old user's FDE login

This process will only be required if the machine uses Full Disk Encryption.

1. View the Workstation Details of the Workstation. 
2. Select the FDE Logins tab.
3. Select the old user's FDE login in the list of logins (you can use the associated user field to identify the correct login).
4. Click the Remove button.

5. Enter your password, then click the Remove button.

6. The login will change state to Delete Pending.
7. The operation will happen automatically over time. To speed up the process, perform a manual sync of the client workstation, then on the EEE Server, click the Proxy Sync button in the lower left corner.
8. When the command has been processed, the login will be removed from the list of FDE Logins.