“Nuke and Pave” might take additional dev time to determine “What is user data?” for USMT to be right.Ultimately, we chose option F (a combination of options B and E). Use a varying combinations of the above options.Leverage the “/ReflectDrivers” command-line option.
#SYMANTEC ENCRYPTION DESKTOP UPGRADE REBOOT DRIVERS#
Include the encryption drivers by modifying the setup command-line.Restore user files and data from network location (USMT).Delete all partitions on the physical disk.Capture user files and data to a network location (USMT).Nuke and Pave (treat it like bare metal or replacement scenario).To achieve the goal, we have some options available to us (there may be more than I’ve listed here, but you get it): Our solution needs to leverage SCCM and an In-Place Upgrade Task Sequence. They also use SCCM for endpoint management, software deployment and OSD. Their goal was to upgrade all Windows 7 clients to Windows 10 (Current Branch) without decrypting the volume, if possible. The most recent customer was running Windows 7 with Symantec Desktop Encryption (complete with the server component for management) for full disk encryption. And yes, I prefer the Microsoft solution for its ease of management and integration points.
![symantec encryption desktop upgrade reboot symantec encryption desktop upgrade reboot](https://it.ucsf.edu/sites/it.ucsf.edu/files/u91/win-encrypt.png)
Either that or they implemented prior to BitLocker being ready for prime time and never bothered to change the solution.
![symantec encryption desktop upgrade reboot symantec encryption desktop upgrade reboot](http://kb.mit.edu/confluence/download/attachments/5900905/Screen%20shot%202010-02-24%20at%205.23.58%20PM.png)
“Why?”… well… it’s most likely that they have a really good Symantec sales rep. Recently, I’ve had a few customers who use full disk encryption from Symantec (Symantec PGP, Symantec Endpoint Encryption, or Symantec Desktop Encryption) on client computers instead of Microsoft BitLocker.