[KB8101] Resolve errors when using ESET Endpoint Encryption in a system image for deployment

Issue

ESET Endpoint Encryption (EEE) Client and EEE Server are separate products from ESET Full Disk Encryption (EFDE).

The article below applies only to the EEE Client or EEE Server and not EFDE.

Visit What's new in ESET Full Disk Encryption to view EFDE content.

Solution

Resolve duplicated Workstation IDs

When you activate a managed client, EEE creates a unique workstation ID that enables the EEE Server management console to communicate with the workstation. If you create a system image with an activated EEE client, the EEE Server will attempt to communicate with multiple workstations that share the same ID. This causes multiple issues because commands can only be retrieved by one instance.

Check your workstation IDs and apply the following changes to your system image:

  1. Navigate to C:\windows\system32\drivers\ and delete DLSDBLK0.sys.

     DLSDBLK0.sys is a hidden system file that is read-only. To view hidden files, adjust the Windows Explorer settings.

  2. Remove the activation registry keys from all user profiles that are activated in the image.

  3. Navigate to C:\Users\USER\AppData\Local\DESkey\DESlock+\ and remove every user's tokenstore.dat file.

  4. Reboot the workstation.
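
A read-only check for the file-based artifacts named in the steps above, to run on the reference machine before the image is captured. This is an added example, not ESET tooling: the function name Get-EeeImageResidue and its -SystemDrive parameter are assumptions, and the activation registry keys are not checked because the article does not name them.

```powershell
# Added example: reports leftover EEE activation files; it deletes nothing.
# File paths are taken from the article; the function name and parameter are assumptions.
function Get-EeeImageResidue {
    [CmdletBinding()]
    param(
        # Root of the Windows volume to audit (live system or a mounted image).
        [string]$SystemDrive = 'C:\'
    )

    # DLSDBLK0.sys is hidden, read-only and system, so -Force is needed to see it.
    $driverPath = Join-Path $SystemDrive 'Windows\System32\drivers\DLSDBLK0.sys'
    $driver = Get-Item -LiteralPath $driverPath -Force -ErrorAction SilentlyContinue
    if ($driver) {
        [pscustomobject]@{
            Artifact   = 'Driver file'
            Path       = $driver.FullName
            Attributes = $driver.Attributes
        }
    }

    # Each activated profile can hold its own tokenstore.dat, so walk every profile folder.
    $usersRoot = Join-Path $SystemDrive 'Users'
    $userDirs  = Get-ChildItem -LiteralPath $usersRoot -Directory -Force -ErrorAction SilentlyContinue
    foreach ($userDir in $userDirs) {
        $storePath = Join-Path $userDir.FullName 'AppData\Local\DESkey\DESlock+\tokenstore.dat'
        $store = Get-Item -LiteralPath $storePath -Force -ErrorAction SilentlyContinue
        if ($store) {
            [pscustomobject]@{
                Artifact   = "Token store ($($userDir.Name))"
                Path       = $store.FullName
                Attributes = $store.Attributes
            }
        }
    }
}

# Collect findings; an empty result means none of the listed files remain.
$residue = @(Get-EeeImageResidue)
if ($residue.Count -gt 0) {
    $residue | Format-Table -AutoSize
    Write-Warning "$($residue.Count) EEE activation artifact(s) found. Do not capture this image yet."
} else {
    Write-Output 'No DLSDBLK0.sys or tokenstore.dat files found.'
}
```

Run it from an elevated prompt so that other users' profile folders are readable; profiles that cannot be read are skipped silently.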


Resolve duplicated encryption keys in Full Disk Encryption

When you deploy a system image with EEE installed and the workstation policy Automatically start encryption after installation is enabled, the Full Disk Encryption key will be identical each time you deploy the system image.

If you use an image distribution software package such as Microsoft Deployment Tools (MDT), the image can be applied without EEE being installed or activated. MDT will allow EEE to be installed using MSIExec for each deployment.