File Share Encryption

  • 1.  Generating a Whole Disk Recovery Token for an un-managed system

    Posted Nov 27, 2015 10:59 AM

    Dear all,

    I have recently joined a company that installs Symantec Encryption Desktop (Ver: 10.3.2) but for some reason never bothered setting up the server as well. As a result, when users forget their password or have it reset by the Help desk, if the single sign-on component doesn't pick that up OK, users are locked out of their PC - for good, and all documents are lost, not to mention the issue for a user who can't work till a new one is built.

    When I installed mine, I was given at the end of the install a "Whole Disk Recovery Token" which I could use in case I am locked out. Is there any way I can generate that again for all my existing users? From the GUI or command line?

    All the posts I have read were talking about also having a server which can generate such, which I obviously don't have. I want to be able to go one user at a time and simply generate the key and save it securely, so when they call me when locked out I can save them.

    Thank you in advance

    Oren



  • 2.  RE: Generating a Whole Disk Recovery Token for an un-managed system

    Broadcom Employee
    Posted Dec 07, 2015 02:40 PM

    Hi OrenCG,

     

    Please check this article: HOW TO: Regenerate Whole Disk Recovery Tokens

     

    Rgs,

    dcats



  • 3.  RE: Generating a Whole Disk Recovery Token for an un-managed system

    Posted Dec 08, 2015 07:08 AM

    Hi dcats, thank you for your answer.

    This command only works if I already know the current WDRT key, but in my case I don't.

    I have working machines where users log in with their single sign-on Windows password, but that doesn't work for this command; I must know the old WDRT in order to create a new one, which I don't.

    Is there a way to find out the current WDRT?

    Regards
    Oren



  • 4.  RE: Generating a Whole Disk Recovery Token for an un-managed system

    Broadcom Employee
    Posted Dec 09, 2015 06:45 AM

    Hi Oren,

    No, the WDRT is a one-time event; for standalone clients it is only given once. What you can do is install the server and enroll the clients against it, see Manually modify a Windows Symantec Encryption Desktop stand alone client to enroll with Symantec Encryption Management Server. New client versions should send a WDRT if none is found in the server's database (or generate a new WDRT using the admin passphrase, according to the first article given).

     

    Other than that, did you try to re-enrol?

    Manual

    For information on re-enrolling PGP Desktop for Windows clients, click here

    If re-enrolment doesn't work, then only a decrypt/encrypt operation will give you the WDRT (a new one).

     

    Rgs,

    dcats