I am working for a MSP. We are managing several Kaspersky Security Center systems for our clients. We in the process of standardizing the KSC implementation (version, configuration and SOPs). Most enviroment requires an upgrade. Managed to upgrade some of the systems to the brand new KSC 13.2 successfully.
Next week, I am planning to upgrade an enviroment from KSC 12 to KSC 13.2. Right now, the KSC 12 is installed in a domain controller together with local MS SQL instance where there KAV DB resides. To clean-up the mess, I prefer to decommission the domain controller by installing a new domain controller. For the KSC, I prefer to install KSC 13.2 in a brand new VM. Once the server is ready, I will be using the “Switch administration server” group task to move the existing clients from the old KSC server to the new KSC server.
In a normal situation, I believe the migration plan should works well. However, I have one blocking point for which I would like seek clarification from the Kaspersky community. 100% of PCs that are managed by the KSC 12 server are encrypted through Kaspersky. 70% of the PCs are encrypted with Bitlocker and the rest are encrypted with Kaspersky’s native encryption tool. From the documentation, I understand that Kaspersky allows exporting and importing of encryption keys from 1 administration server to the other.
I would like to understand if exporting and importing the encryption keys from the current server to the new server would allow me to decrypt the computers and the external USB drives from the new server. The support team uses the “grant access in offline mode” function to provide assistance for the users whenever the users forget their PIN/Password.
Your feedback and comments are most welcome. Thanks for sharing your thoughts and comments.
Best answer by MilanBortelView original