Decrypt Endpoints in Advance
Before proceeding with the uninstallation, it is essential to ensure that the disks on the target endpoints are decrypted. This will allow the TMFDEUninstall.exe to execute without any user interface notifications.
There are two ways to achieve decryption:
- Way 1: Decrypt Device by Policies
- Using the PolicyServer MMC, set the "Encrypt Device" policy to "No" for the target devices.
- Alternatively, move the target devices to a group with the policy configured as not to encrypt.
- You can also configure the policy through Trend Microsoft Apex Central or Trend Micro Control Manager.
- Way 2: Decrypt Device by Launching TMFDEUninstall.exe
Launch the "C:\Program Files\Trend Micro\Full Disk Encryption\TMFDEUninstall.exe" to decrypt the device.
Once the decryption process is completed, proceed to run the TMFDEUninstall.exe file again for the uninstallation.
Prepare the Unattended Uninstall Script
To initiate the unattended uninstallation, you need to create a script that will invoke TMFDEUninstall.exe with the required authority. Additionally, the script should verify the success of the uninstallation and subsequently reboot the endpoints if necessary.
For example:
"C:\Program Files\Trend Micro\Full Disk Encryption\TMFDEUninstall.exe" username=GroupAdministrator password=123456 "C:\Program Files\Trend Micro\Full Disk Encryption\TMFDEUninstall.exe" username=GroupAdministrator epassword==5mih67uKdy7T1VaN2ISWGQQ=
Use the Command Builder to generate the encrypted username or password for enhanced security. Ensure to specify an account when launching from the command prompt if required: Command Builder
Items selected in Encryption Options are replaced with encrypted values in the generated command.
Deploy unattended uninstall script to target endpoints
Identify the FDE endpoints that are "Decrypted" or "Not Encrypted" using the "Device Encryption Status" report. Once you have the target endpoints, deploy the prepared unattended uninstall script to these devices: Standard Reports