You can prevent access to encrypted data by temporarily decommissioning the device. When a device is temporarily decommissioned, all of the Pre-Boot Authentication (PBA) user accounts are removed. The only way to access the device after the users are removed is to perform a PBA override or an emergency recovery. Before decommissioning the device, you should ensure that an Emergency Recovery Information (ERI) file exists for the device (see Creating an Emergency Recovery Information File).
Make sure you know the FDE Admin password for the policy that is assigned to the device.
To temporarily decommission a device by removing all PBA users, you must know the FDE Admin password for the policy assigned to the device, or you must know the ZENworks Adaptive Agent override password or key. For more information about passwords, see Section B.0, Administrator Passwords.
On the device, double-click the icon in the notification area, then click Full Disk Encryption.
In the Full Disk Encryption Agent Actions section, click About to display the About dialog box.
Click the Commands button.
Supply the password, then click OK to display the Commands dialog box.
Click the Temporary Decommission button.
In the confirmation dialog box that is displayed, click Yes to proceed.
The device immediately shuts down.