Using Whole Disk Recovery Tokens
|Article:TECH149068|||||Created: 2007-10-24|||||Updated: 2011-03-16|||||Article URL http://www.symantec.com/docs/TECH149068|
Whole Disk Recovery Tokens (WDRT) allow PGP administrators the ability to remotely regain access to a drive that has been whole disk encrypted. The WDRT can be used if the usual authentication method is unavailable (for example, if a user forgets their passphrase).
Whole disk recovery token are associated with encrypted devices, not single computers or single users. A single computer can be associated with multiple encrypted devices. If multiple users have accounts on the same device, they share the same whole disk recovery token. Whatever you do with the token affects all users sharing that device. Each encrypted device has only one whole disk recovery token.
If the internal user whose settings you are viewing has one or more whole disk recovery tokens stored on the PGP Universal Server, they will be listed in the WDRT column of the Whole Disk Encryption section of the Internal User Information dialog.
Note: Beginning with version 2.7 of PGP Universal Server 2.7, the server includes a new feature when using a Whole Disk Recovery Token. Whole disk recovery token strings contain both letters and numerals. Because it can be difficult to tell the difference between certain letters and numerals, whole disk recovery tokens use letter and numeral equivalencies. You can type either letter or numeral when you use a whole disk recovery token, and the token string will be accepted. The following are interchangeable:
Recover an encrypted disk using a Whole Disk Recovery Token
These steps apply to PGP Universal Server 2.7 and above. When using PGP Universal Server 2.5/2.6, please read the NOTE for additional instructions for viewing a WDRT on PGP Universal Server 2.5/2.6.
- On the PGP Universal Server administrative interface, select the Users tab and click Internal Users.
- Select the user which you want to view the WDRT for. The Internal User Information dialog appears.
- Click the Whole Disk Encryption tab and then click the View icon in the WDRT column. The recovery token string appears.
NOTE: When using PGP Universal Server 2.5/2.6, after selecting the user, select the Whole Disk Recovery Tokens tab and select the icon under Options to view the WDRT.
- Provide the information contained in the WDRT to the user.
- On the PGP BootGuard screen of the end user, the user enters the Whole Disk Recovery Token (WDRT) to unlock the disk. When entering the WDRT, it is not necessary to enter the hyphens in the WDRT string.
Note: Once the token is used, it is presented as a broken or opened token, and a new token is automatically generated by PGP Desktop and synchronized with the PGP Universal Server as soon as the user logs in. The new token will then re-appear as unviewed or valid.
Article URL http://www.symantec.com/docs/TECH149068