Applies To: WatchGuard Full Encryption
When Full Encryption manages computers, you can decrypt the drives of the computers from the Full Encryption management UI.
Full Encryption has these decryption states:
- If Full Encryption uses settings to encrypt a computer, Full Encryption can also decrypt it.
- If a computer was previously encrypted and the WatchGuard Endpoint Agent assigns settings on install, Full Encryption sees the computer as encrypted and you can use Full Encryption settings to decrypt the computer.
- If a computer was previously encrypted and the agent does not assign settings on install, Full Encryption does not class the computer as encrypted and you cannot use Full Encryption settings to decrypt the computer.
Use Full Encryption to Decrypt
You can configure decryption settings in the Full Encryption management UI.
To use Full Encryption to decrypt computers in a settings profile:
- In WatchGuard Cloud, select Monitor > Endpoints.
- Select Status > Full Encryption.
- In the Encryption Status tile, click an encryption status.
The Encryption Status page opens filtered to show computers with the selected status.
- From the list of computers, select a computer.
The Computer details page opens.
- Select the Settings tab.
- In the Encryption section, click Go to Settings.
The Edit Settings page opens.
- Disable Encrypt All Hard Disks on Computers. Full Encryption assigns these setting to all computers in the settings profile.
If you use the Full Encryption management UI to encrypt the drives of a computer and then disable Encrypt All Hard Disks on Computers, Full Encryption decrypts all encrypted drives.
If you encrypt the drives of a computer, but not through the Full Encryption management UI, then disable Encrypt All Hard Disks on Computers, there is no change to the encryption status of the drives. In this case, you can use Microsoft BitLocker technology to decrypt the drives locally.
For information about storage device encryption, go to Encryption Settings.