Video Screencast Help

Symantec Whole Disk Encryption - Admin Passphrase

Created: 29 Jan 2013 • Updated: 31 Jan 2013 | 1 comment
This issue has been solved. See solution.

I'm running Symantec Whole Disk Encryption 10.3 on a Linux machine.

I setup a user with password recovery questions.

According to documentation (10.2) I can run the comment recovery-change-passphrase with an answers file to change the passphrase

pgpwde --recovery-change-passphrase --user "Alice Cameron" --disk 0 --new-passphrase 'Bilbo%Baggins$Underhill' --answers-file

But when I run it I get

No passphrase specified
No admin-passphrase specified
No authentication credentials found. Valid credentials for this operation are: 
  User passphrase, 
  admin passphrase, 
  recovery token

"operation change user self recovery user's passphrase failed: Error code -12000: pad parameters"

So the questions are

1. Shouldn't it work with just the answers file?

2. I noticed that I can specify an admin passphrase when I add the user which's passphrase I now want to recover.
    The recovery than works with that admin passphrase. But how can I change this admin passphrase?

Comments 1 CommentJump to latest comment

Alex_CST's picture

The admin passphrase is the passphrase of an existing PGP WDE user, so in your scenario that is the current user.

In an unmanaged scenario the done thing would be to add an administrator to all encrypted disks so there's always admin access should it be required

Please mark posts as solutions if they solve your problem!