Upgrading Legacy Clients
To see the supported upgrade paths, see the Release Notes for the Endpoint Security client version to which you want to upgrade. Legacy clients are those earlier than version E80. You must enter password information to upgrade legacy Secure Access and Full Disk Encryption.
Offline Upgrades
During an offline upgrade, the endpoint has no connection with the Endpoint Security Management Server. For this reason, the Preupgrade.exe
package delivered to the client must contain:
- All the passwords necessary to successfully uninstall legacy products
- The new client with the necessary Software Blades and policies
Offline upgrades use the Preupgrade.exe
file, which is automatically created in the same directory as the MSI package.
To create an offline upgrade package:
- On the tab, select from the tree.
- Click .
A new package shows in the list.
- Optional: Change the package and .
- In the column, select .
- Under , make these selections as necessary:
- - Choose ifsilent mode is active. When active, the procedure tool runs silently without user intervention. If silent mode is not active, users can see the GUI of the Upgrade tool. If silent mode is active, select what happens after the upgrade:
- - To enable a Secure Access upgrade you must enter the uninstallation password. Click on and select .
In the window, select and enter and confirm the uninstallation password.
- - To enable an upgrade from legacy Full Disk Encryption EW, you must enter the uninstallation password. Click on Legacy Full Disk Encryption EW upgrade not supported and select .
In the window, select and enter and confirm the uninstallation password.
- Make sure the Software Blades in the and columns are correct.
- Optional: In the column, add a Virtual Group destination for the package. Click and select .
- Select > .
- Select the package and click .
- In the window:
- Select the platform versions (32/64 bit) to export for laptops and desktops.
- Enter or browse to a destination folder.
- Click .
The files are downloaded to the specified path.
- Send the files to endpoint users. Endpoint users manually install the packages. They must use Administrator privileges.
You can also use third party deployment software, a shared network path, email, or some other method.
To install the offline upgrade, users must:
- Double-click
Preupgrade.exe.
- Follow the on-screen instructions to install the package.
Online Upgrades
During an online upgrade the endpoint has a connection to the server. When the initial client is installed, it connects to the server. The initial client uses the that contains uninstall passwords for legacy products.
To create a package for an Online upgrade:
- In the tab > section, and right-click .
- Click .
The window opens.
- Click .
- Enter uninstall passwords for:
- Legacy Secure Access
- Legacy FDE EW
- Click .
- On the tab, select from the tree.
- Click .
- Add a package with , with the version you require.
- Click .
- In the window:
- Select the platform versions (32/64 bit) to export for laptops and desktops.
- Enter or browse to a destination folder.
- Click .
The package files are downloaded to the specified path.
- Send the to endpoint users. Endpoint users manually install the packages. They must use Administrator privileges.
You can also use third party deployment software, a shared network path, email, or some other method.
After the is installed, you can add a package with Endpoint Security Software Blades. See Upgrading with Deployment Rules.
Upgrading Legacy Full Disk Encryption
To see the supported upgrade paths, see the Release Notes for the Endpoint Security client version to which you want to upgrade.
Before you upgrade, make sure that encryption or decryption are not running.
You do the upgrade using the standard Endpoint Security MSI packages, which can be run manually or through Endpoint Security software deployment.
During the upgrade:
- The client remains encrypted.
- All existing user and policy settings are discarded. Only partition keys are kept.
- Full Disk Encryption goes through the Deployment Phase
To upgrade a client package from Full Disk Encryption EW:
- If you know the Validation Password, do the procedure in Upgrading Clients.
- If you do not know the Validation Password, do the procedure below.
To upgrade a client package from Full Disk Encryption MI or from EW without the password:
- In the existing MI or EW environment, create a user or user group with this name:
_allow_upgrade_
This user or group does not require permissions.
- Update all of the Full Disk Encryption MI or EW clients with the new user or group.
- In the Full Disk Encryption MI or EW Management Console, go to the container that contains all clients.
- Right-click the object and select .
- In > tab, select and click .
- Expand , right-click , and select .
- Browse to find the
_allow_upgrade_
user and select . - Click
- Make sure that all clients are connected to the server and receive the update after the next heartbeat.
- Install a new Initial Client on the legacy client computers.
To upgrade a client package from Full Disk Encryption for Mac:
Do the procedure in Upgrading Clients.
What effect does an upgrade have on users?
- Users are instructed to use their Windows password for the first Pre-boot after the upgrade and deployment completes.
- The Pre-boot page looks slightly different.
Do not:
- Upgrade when the disk is not fully encrypted.
- Start another upgrade before a computer is fully protected with the first upgrade.
- Uninstall the upgrade before a computer is fully protected with the upgraded version.