Deleting Clients
Only CipherTrust Manager administrators can delete clients. When a client is deleted from the CipherTrust Manager GUI, the client moves to the Expunged state and the CTE Agent is notified to drop client configuration. The CTE Agent installations on the client continue to run, complete with the applied policies. To completely remove a CTE Agent from the client, uninstall the Agent from the client system.
When Agent uninstallation is initiated, the client record is deleted from the CipherTrust Manager. The CipherTrust Manager pushes the configuration change to the CTE Agent running on that client. As a result, the following occur on the client:
CTE Agent certificates are deleted.
The URL line is removed from the agent.conf file.
The GuardPoints are removed.
The client is no longer recognized by the CipherTrust Manager. If the CTE Agent tries to communicate with the CipherTrust Manager, the connection is refused.
Deleting Clients with System Lock or Agent Lock
Do not unregister or delete the CTE client while locks are applied. The locks remain effective after the client is unregistered. Without client credentials, the CipherTrust Manager cannot administer that CTE Agent and cannot disable the locks. You must boot the client in single-user mode and manually modify the Agent configuration to disable the locks.
To remove everything associated with a client (including the CTE Agent):
Apply a rekey policy and run dataxform on the client to decrypt encrypted files.
Disable the locks on the client. Refer to Disabling Locks.
Remove all the GuardPoints from the client.
Click Clients > Clients.
Under Client Name, click the overflow icon corresponding to the desired client.
Click Delete. A dialog box appears prompting you to confirm the action.
Click Delete.
The client administrator with root permissions must log on to the client system and uninstall the CTE Agent.
Deleted Client Indicators
A client is successfully deleted from the CipherTrust Manager GUI if:
The CipherTrust Manager URL is deleted from the CTE Agent agent.conf file.
Certificates are removed from the ./agent/pem directory.
However, if the client is deleted and its identity is changed while it is offline:
The GuardPoints are not removed.
The certificates remain intact in the ./agent/pem directory.
The agent.conf file remains unchanged.
But the Agent and CipherTrust Manager still cannot communicate with each other.
Logging for the CTE Agent on the CipherTrust Manager is also affected if an offline client is deleted. When the client comes online, log messages about the denied connection can be viewed only by CipherTrust Manager administrators of type System or All (when not in a domain). This is because the CipherTrust Manager:
No longer has the client's record.
Does not know which domain and group the client belongs to.
Cannot send messages to the appropriate log service.
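The two outcomes listed under Deleted Client Indicators can be checked on the client itself. The following is an added example, not Thales code: it assumes the URL line in agent.conf has the form URL=..., takes both paths as arguments because this page gives only the relative ./agent/pem location, and does not inspect GuardPoints.

```shell
#!/bin/sh
# Added example (not vendor code): classify a CTE client against the
# deleted-client indicators described on this page.
# Assumptions: the "URL line" in agent.conf starts with "URL" followed by "=";
# any regular file left in the pem directory counts as a remaining certificate.

# Usage: cte_deletion_state <path-to-agent.conf> <path-to-agent/pem>
# Prints one of:
#   deleted - URL line gone and no certificates left (clean delete)
#   stale   - URL line and certificates both still present (client was
#             deleted while offline, or was never deleted)
#   partial - only one of the two indicators cleared; review manually
#   unknown - agent.conf is missing or unreadable
cte_deletion_state() {
    conf=$1
    pem_dir=$2

    if [ ! -r "$conf" ]; then
        echo unknown
        return 0
    fi

    # Count URL lines. grep -c exits 1 on zero matches, so mask the status.
    url_lines=$(grep -Ec '^[[:space:]]*URL[[:space:]]*=' "$conf" || true)

    # Count leftover files in the pem directory; a missing directory is empty.
    certs=0
    if [ -d "$pem_dir" ]; then
        certs=$(find "$pem_dir" -type f | wc -l | tr -d ' ')
    fi

    if [ "$url_lines" -eq 0 ] && [ "$certs" -eq 0 ]; then
        echo deleted
    elif [ "$url_lines" -gt 0 ] && [ "$certs" -gt 0 ]; then
        echo stale
    else
        echo partial
    fi
}

# Run directly when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
    cte_deletion_state "$1" "$2"
fi
```

A stale result on a host that the CipherTrust Manager no longer lists matches the offline-deletion case, where the Agent still holds its configuration but its connections are refused.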