Recent updates to this article
Date | Update
May 2, 2022 | Minor formatting updates; no content changes.
IMPORTANT: This article doesn't apply to Windows 10 or later releases. For how to upgrade a Windows 10 operating system, see the following article:
This article provides the information needed to refresh the Windows operating system (OS) without having to decrypt the hard drive and uninstall DE.
The attached Refresh Tools enable you to perform an operating system refresh using standard Microsoft tools.
Upgrading to Microsoft Windows 7 or later
We worked with Microsoft to include a step to check for Endpoint Encryption during an upgrade to Windows 7 or later. If the Windows installer detects DE on the system, the installation stops and displays a message that the upgrade can't continue while the Endpoint Encryption product is installed.
Refresh Tools
We provide this functionality as two small, free tools called the DE 7.x Refresh Tools, which enable you to perform an OS Refresh using the standard Microsoft tools. The tools from Microsoft include, but aren't limited to, the following:
- Microsoft System Center 2012 Service Pack 1 Configuration Manager (SCCM)
- Microsoft Deployment Toolkit (MDT) 2012 (Update 1)
IMPORTANT: This refresh process isn't supported on OPAL encrypted drives.
The DE 7.x Refresh Tools can be used along with these Microsoft tools to achieve the following functionality, while keeping a computer encrypted. That is, you don't need to decrypt before and re-encrypt after the following:
- A major OS upgrade (such as Windows XP to Windows 7)
- Part of a standard reimaging process (such as Windows 7 to Windows 7)
- A method of applying a service pack (such as Windows 7 to Windows 7 Service Pack 1)
The DE 7.x Refresh Tools are command-line utilities and can be called from any script or program. The tools are useful because OS Refresh, reimage, and service pack installation activities change data on the hard disk in a way that can break DE. For example, an OS refresh modifies the MBR, and any modification of the MBR breaks DE.
There are two separate versions of the Refresh Tool for DE 7.x: one for MBR systems and one for UEFI systems. There are also 32-bit and 64-bit builds for each tool. The documentation referenced in the Solution describes a generic process to update the OS while the hard disk remains encrypted. The process is generic so that it works with several different Microsoft tools. Make sure that you read and understand the documentation referenced in the Solution, especially the sections on the knowledge expected of the implementer.
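On MBR systems, one way to confirm whether a refresh step altered sector 0 is to compare a copy of the sector saved before the step with one saved after it. The following is an added example, not part of the DE 7.x Refresh Tools or their documentation; the function names and the sample sectors are constructed for illustration, and it assumes the two 512-byte images have already been saved with your own imaging tooling.

```python
import hashlib

SECTOR_SIZE = 512
# Classic MBR layout of sector 0: (region name, start offset, end offset exclusive)
REGIONS = [
    ("boot_code", 0, 440),
    ("disk_signature", 440, 444),
    ("reserved", 444, 446),
    ("partition_table", 446, 510),
    ("boot_signature", 510, 512),
]


def changed_regions(before: bytes, after: bytes) -> list:
    """Return the names of the MBR regions that differ between two sector-0 images."""
    for label, image in (("before", before), ("after", after)):
        if len(image) != SECTOR_SIZE:
            raise ValueError(f"{label} image is {len(image)} bytes, expected {SECTOR_SIZE}")
    return [name for name, lo, hi in REGIONS if before[lo:hi] != after[lo:hi]]


def digest(image: bytes) -> str:
    """SHA-256 of the whole sector, suitable for a deployment log."""
    return hashlib.sha256(image).hexdigest()


def build_sample(boot_fill: int, disk_sig: bytes) -> bytes:
    """Constructed sample sector: filler boot code and one partition entry."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:440] = bytes([boot_fill]) * 440
    sector[440:444] = disk_sig
    # Entry: active flag, CHS start, type 0x07, CHS end, then LBA start and length
    entry = bytes([0x80, 0x20, 0x21, 0x00, 0x07, 0xFE, 0xFF, 0xFF])
    entry += (2048).to_bytes(4, "little") + (204800).to_bytes(4, "little")
    sector[446:462] = entry
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    # Constructed stand-ins for the images saved before and after a refresh step
    before = build_sample(0xAA, b"\x11\x22\x33\x44")
    after = build_sample(0x90, b"\x11\x22\x33\x44")
    print("before:", digest(before))
    print("after: ", digest(after))
    print("changed:", changed_regions(before, after) or "nothing")
```

A non-empty result from `changed_regions` identifies which part of the sector the step rewrote, which is more useful in a deployment log than a bare hash mismatch.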
Customer expectations or disclaimer
You're expected to have the knowledge or expertise to use the Microsoft tool of choice. You must either have that knowledge in-house or be able to hire an expert with that particular technology. The documentation describes when particular steps related to DE need to occur in the general reimaging process. It's up to you to insert the appropriate steps during the reimaging process to achieve the expected result. If the relevant skills aren't available to you, we recommend that you acquire those skills before starting on the implementation of such a process.
Support
Each customer's refresh process is different and Technical Support can't be experts in a customer's process, nor are they experts in Microsoft tools:
- Technical Support helps customers use the Refresh Tools if the specific DE functionality they provide isn't operating as expected.
  For example, the tool isn't writing or storing the MBR as expected.
- We do not support Microsoft tools.
  For example, Technical Support can't answer questions such as "On the second reboot, it can't find the operating system - why is that?"
  This is a process-related question and is outside the expertise of Technical Support.
Professional Services
If you need assistance or advice, contact our Professional Services. Depending on the geographical location, Professional Services can help in implementing or debugging the refresh process.