Decrypt encrypted data

The following prerequisite must be met:

To decrypt encrypted volumes, all volume-based encrypted volumes must have a drive letter assigned to them.

  1. In SafeGuard Management Center, edit the current policy of the type Device Protection that is assigned to the computers you want to decrypt. Select the targets and set User may decrypt volume to Yes. Assign the policy to the respective endpoints.
  2. Create a decryption policy of the type Device Protection, select the targets that are to be decrypted and set the Media encryption mode to No encryption.
  3. In Users and Computers, create a group for the computers you want to decrypt: Right-click the domain node where you want to create the group. Then select New > Create new group.
  4. Select the domain node of this group and assign the decryption policy to it by dragging the policy from the Available Policies list into the Policies tab. Activate the policy by dragging the group from the Available Groups list into the Activation area. On the Policies tab of the domain node, check that Priority is set to 1 and that No Override is activated. In the Activation area of the domain node, make sure that only members of the group are affected by this policy.
  5. In the Users and Computers navigation area, select the group, right-click on the Members tab shown in the action area and click Add to add the computers you want to decrypt to the group.
  6. On the endpoint that is to be decrypted, synchronize with the SafeGuard Enterprise Server to make sure that the policy update has been received and is active.
  7. Open Windows Explorer. Right-click the volume that should be decrypted and click Encryption > Decryption.
    Make sure that the decryption is completed successfully.
    Note: Endpoints can be shut down and restarted during encryption/decryption. If decryption is followed by an uninstallation, we recommend that the endpoint is not suspended or hibernated during decryption.