Encrypted data has to be decrypted properly to allow access afterwards. The
decryption process must be completed. Proper decryption is particularly
important when uninstallation is triggered by Active Directory.
Also, all encrypted removable media must be decrypted before
uninstalling the last accessible SafeGuard Enterprise protected
endpoint. Otherwise users may not be able to access their data any more.
As long as the SafeGuard Enterprise Database is available, data on
removable media can be recovered.
To uninstall SafeGuard full disk encryption, all volume-based encrypted volumes
must have a drive letter assigned to them.
Make sure that you always uninstall the complete package with all features
In SafeGuard Management Center, edit the policy of the type Specific
Machine Settings. Set Uninstallation
allowed to Yes.
In Users and Computers, create a group for the computers
you want to decrypt: Right-click the domain node where you want to create the
group. Then select New > Create new group.
Select the domain node of this group and assign the uninstallation policy to it
by dragging the policy from the Available Policies list
into the Policies tab. Activate the policy by dragging
the group from the Available Groups list into the
Activation area. On the
Policies tab of the domain node, check that
Priority is set to 1 and that No
Override is activated. In the Activation
area of the domain node, make sure that only members of the group are affected
by this policy.
Add the endpoints you want to uninstall to the group.
To start uninstallation, use one of the following methods:
To uninstall locally on the endpoint, synchronize with the SafeGuard
Enterprise Server to make sure that the policy update has been received and
is active. Then select Start > Control Panel > Add or Remove
Programs > Sophos SafeGuard Client > Remove.
To uninstall centrally use the software distribution mechanism of your
choice. Make sure that all required data has been decrypted properly before