question

josso02-7314 avatar image
0 Votes"
josso02-7314 asked FanFan-MSFT commented

Should Windows 10 device be decrypted before migrating from one domain to another domain?

We are working on consolidating Active Directory domain. As part of the project, windows 10 devices (pro and ent) will be migrated from their sub-domains to the root domain. The target windows 10 devices that will be migrated to the root domain have McAfee Drive Encryption software installed and activated.

I would like to know if the Win 10 device needs to be decrypted before it can be migrated to the root domain. Does anyone have any idea?

windows-10-securitywindows-server-security
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,
 
Just want to confirm the current situations.
If there's anything you'd like to know, don't hesitate to ask.

Best Regards,

0 Votes 0 ·
Crypt32 avatar image
0 Votes"
Crypt32 answered

Most likely no. However, the question is offtopic here, because it is related to 3rd party product. This means that you must address this question to vendor who provides drive encryption -- McAfee.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

josso02-7314 avatar image
0 Votes"
josso02-7314 answered Crypt32 commented

Sorry I should have added more information. My bad.

As part of the migration, we are looking to enable Windows 10 native encryption protection (BitLocker) and so McAfee drive encryption will eventually be removed. In this case, we are wondering if we should decrypt the device (uninstall McAfee drive encryption), migrate it to the root domain and finally enable Bitlocker.


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

You need to contact McAfee support for that. But I guess that you can migrate workstations first and only then replace McAfee with BitLocker when you are in new domain.

0 Votes 0 ·
FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered

Hi,

Welcome to share here!
I didn't use the McAfee drive encryption in my environment, sorry that i can't do a test to check if it has any impacts for migrating.
From my side, i will decrypt the device before migrating it to another domain if the McAfee drive encryption will eventually be removed from the workstations,

Best Regards,

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MTG-3890 avatar image
0 Votes"
MTG-3890 answered

You won't need to decrypt in order to change domains, no.

However:
make sure to have the recovery passwords. If these are saved in the computer objects in the old domain, it would be wise to export that info before you delete the old domain and their computer objects.

Before changing to a different encryption, you will of course need to decrypt it.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.