SEE Data Recovery

Updated: 21 May 2010 | 17 comments
tanyc

Hi, I read up on the data recovery for SEE.

A master certificate is required for data recovery. May I know how I can generate a Master Cert?

From the recovery procedure, it mentions that the Master Cert is stored in a smart card token. Is that necessary? Can I just save the Master Cert inside the PC and use it for data recovery?

Comments

Blenky, 11 Jun 2009

Full Disk or Removable Media?

Which one are you talking about? With SEE Full Disk encryption a recovery file is generated from the SEE Management console and then you use that with bootable media on the PC to attempt the recovery process. On removable media you can either encrypt via a password and also include a master certificate so that it can be recoverable by admin.


tanyc, 11 Jun 2009

I'm talking about the removable storage.

So when using SEE removable storage, I can configure my settings to use a Master Cert so I can recover encrypted data. Is a token required? Or I just need a Master Cert and password? 

How can I generate a Master Cert?

Blenky, 11 Jun 2009

I believe...

Just a master cert is required, but let me check in some of my documentation... to be honest I have done all the training on the product but I have not used the removable media portion extensively so I forget some of the details.

tanyc, 11 Jun 2009

Thanks for your help. I have only purchased the removable storage. So for the full disk portion I do not need it.

By the way, just something to clarify. Why is it that the SEE Manager never prompts me for password when I enter into the SEE Manager?

I installed the Manager in the same machine as the SEE Server and I log in as an Administrator installing both the Server and the Manager.

Blenky, 11 Jun 2009

SEE Manager

Only certain portions require a password, and with just removable storage I don't think they would apply as I believe it is only OTP (One-Time Password Recovery).  I know I have been prompted for SQL credentials if the user I used to log-in to the server didn't have privileges to SQL server, but if you're using an admin account, I'm assuming it has rights to the database. 

tanyc, 12 Jun 2009

Hi,

How do I get a Master Cert? Where can I generate 1?

kavin, 12 Jun 2009

Check this Out

You will get the master certificate under

Whichever drive you have installed the SEPM under, on that drive go to

Program Files\Symantec\Symantec Endpoint Protection Manager\Server Private Key Backup\ You will get the certificate

You can also generate the Certificate from the SEPM > Admin > Server > Go to your server name & click on manage server certificate & just back it up to any location where you want.

You can also follow this

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007082112135948

Vikram Kumar-SAV to SEP, 12 Jun 2009

Hi Kavish,

Thanks for your inputs, but Mr. Tan is not talking about SEP. It is about Symantec Endpoint Encryption - Removable Storage.

Vikram Kumar-SAV to SEP, 12 Jun 2009

Master Certificate

Pg no. 52 of SEE-RS_7.0.0_Installation_Guide.pdf
That can be found in 
ftp://ftp.symantec.com/public/english_us_canada/pr...

to specify an administrator certificate with which to have SEE Removable Storage and the Removable Storage Access Utility encrypt all files on removable storage devices. Use of a master certificate with SEE Removable Storage is recommended, as it provides a recovery method for files encrypted with lost passwords or certificates. Note that this feature only applies to computers on which write access and encryption are enabled for removable storage devices.

Choose Do not encrypt files with a master certificate if you do not want to use a master certificate.
Choose Encrypt files with a master certificate if you want to use a master certificate. You will be prompted for the location of the PKCS#7 format certificate file (.p7b). Once you have chosen a certificate file, the Select Certificate dialog will show information about the certificate you have chosen.

Click OK.

When the chosen certificate file has been processed by the panel, the issuer and serial number of the certificate are displayed. Click Change certificate to select a different certificate file.

Sheila Marie, 12 Jun 2009

I have not performed the removable media portion so this article helps me.
Thanks...

Blenky, 15 Jun 2009

Master Certificate Generation

 Tanyc - You can generate a Master Certificate from any internal Certificate Authority that you have.  I am not sure about your environment but do you know if you have an internal CA available?  This needs to be an internal CA on your domain so that it is trusted by all computers (inherently).  See the following link to an MS article about generating a certificate

http://technet.microsoft.com/en-us/library/cc736590(WS.10).aspx

You will want to generate a PKCS #7 format certificate.  Then follow the steps that others have posted in terms of applying this via policy in SEE Manager Server.
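
Packaging a certificate as PKCS #7 and checking it before it goes into policy, as an added example that is not part of the original thread or of Symantec's documentation. The self-signed certificate is a constructed stand-in for one issued by your internal CA, and the file names, subject and function names are hypothetical. A .p7b holds only the certificate; decrypting anything encrypted to it needs the matching private key, which is a separate file (or sits on a token), so the last function confirms you actually hold that key.

```bash
#!/bin/sh
# Added example (not from the thread or the product documentation).
# Packages a certificate as PKCS #7 (.p7b) and checks it before deployment.
# Assumptions: the self-signed certificate is a constructed stand-in for one
# issued by your internal CA; file names, subject and function names are
# hypothetical.
set -eu

# Create a key pair, a certificate, and a .p7b holding only the certificate.
make_master_p7b() {
  dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Example SEE-RS Master Certificate" \
    -keyout "$dir/master.key" -out "$dir/master.cer" 2>/dev/null
  # crl2pkcs7 with -nocrl builds a certificates-only PKCS #7 structure.
  openssl crl2pkcs7 -nocrl -certfile "$dir/master.cer" \
    -outform DER -out "$dir/master.p7b"
}

# Number of certificates inside the .p7b.
p7b_cert_count() {
  openssl pkcs7 -inform DER -in "$1" -print_certs | grep -c 'BEGIN CERTIFICATE'
}

# Issuer and serial number of the first certificate in the .p7b, the two
# fields to compare with what the policy panel displays after import.
p7b_identity() {
  openssl pkcs7 -inform DER -in "$1" -print_certs |
    openssl x509 -noout -issuer -serial
}

# Succeeds only if the private key in $2 belongs to the certificate in $1.
p7b_matches_key() {
  cert_pub=$(openssl pkcs7 -inform DER -in "$1" -print_certs |
    openssl x509 -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256)
  [ "$cert_pub" = "$key_pub" ]
}

work=$(mktemp -d)
make_master_p7b "$work"
p7b_identity "$work/master.p7b"
echo "certificates in .p7b: $(p7b_cert_count "$work/master.p7b")"
if p7b_matches_key "$work/master.p7b" "$work/master.key"; then
  echo "private key matches the certificate in the .p7b"
fi
rm -rf "$work"
```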

tanyc, 15 Jun 2009

Hi,

Anyone have the exact steps on how to generate a cert? I seem to have a problem generating it.
Got any requirements prior to generating?

tanyc, 15 Jun 2009

Hi,

Can I use the SEPM to generate a cert for my SEE?

pete_4u2002, 16 Jun 2009

SEPM cannot be used to create a cert.

Blenks' message refers for creating the certificate

http://technet.microsoft.com/en-us/library/cc736590(WS.10).aspx

from Vikram Kumar- SAV-SEP message

to specify an administrator certificate with which to have SEE Removable Storage and the Removable Storage Access Utility encrypt all files on removable storage devices. Use of a master certificate with SEE Removable Storage is recommended, as it provides a recovery method for files encrypted with lost passwords or certificates. Note that this feature only applies to computers on which write access and encryption are enabled for removable storage devices.

Choose Do not encrypt files with a master certificate if you do not want to use a master certificate.
Choose Encrypt files with a master certificate if you want to use a master certificate. You will be prompted for the location of the PKCS#7 format certificate file (.p7b). Once you have chosen a certificate file, the Select Certificate dialog will show information about the certificate you have chosen.

Click OK.

When the chosen certificate file has been processed by the panel, the issuer and serial number of the certificate are displayed. Click Change certificate to select a different certificate file.

kamran 2, 16 Jul 2009

Please any one can answer this

How are agents and encryption keys (used by SEE) kept confidential if the endpoint's hard disk is stolen and full volume encryption with the pre-boot authentication option is not installed on the endpoint?

driggs, 30 Jul 2009

Re: Please any one can answer this

If you didn't install the Full Disk Encryption component and the drive or computer is stolen then that data would be completely open as you have no encryption for the hard drive. The Removable Storage product is only for encrypting removable drives and the data on them, such as USB memory sticks, it will not encrypt your physical hard drive as that's what the Full Disk component is for.

Vikram Kumar-SAV to SEP, 27 Jul 2009

SEE forum

Moved from SEP section to SEE section of the forum.