Create a new client Whole Disk Recovery Token (WDRT) - PGP Encryption Desktop for Windows (Symantec Encryption Desktop)
Article ID: 153544

Products

Desktop Email Encryption, Drive Encryption, Encryption Management Server, Endpoint Encryption, File Share Encryption, Gateway Email Encryption, PGP Command Line, PGP Encryption Suite, PGP Key Management Server, PGP Key Mgmt Client Access and CLI API, PGP SDK

Issue/Introduction


This article provides instructions on how to create a new Whole Disk Recovery Token when using PGP Encryption Desktop for Windows (Symantec Encryption Desktop).

Resolution


In PGP Encryption Server (Symantec Encryption Management Server) managed environments with the appropriate policy, Whole Disk Recovery Tokens (WDRTs) are created automatically when a disk, partition, or removable disk is whole disk encrypted. They are sent to the PGP Encryption Server managing security for the disk or partition when they are created.

WDRTs can be used to access the disk or partition in case the passphrase or authentication token is lost. Once a WDRT is used, it cannot be used again. A new WDRT must be generated for the system. All new WDRTs are also automatically sent to the PGP Encryption Server managing the disk when the new WDRT is created.

The recovery token command is: --new-wdrt

The usage format is:

pgpwde --new-wdrt --disk <number> --admin-authorization --admin-passphrase <phrase> --recovery-token <string>

Where:

  • --new-wdrt specifies the creation of a new WDRT.
  • --disk specifies the disk to which the operation applies.
  • <number> is the disk number on the system.
  • --admin-authorization specifies that the command is being performed by a member of the WDE-ADMIN Active Directory group.
  • --admin-passphrase specifies that the passphrase of an authorized user on the encrypted disk will be used to authenticate the adding of the new user account.
  • <phrase> is the passphrase of an authorized user on the disk.
  • --recovery-token specifies that a recovery token (WDRT) will be created to replace the used one.
  • <string> is the WDRT string.

Run the command at the command prompt, following the steps for your operating system:

Windows XP

  1. On your PC, click Start > Run.
  2. Type cmd in the text field and click OK
  3. Change to the following directory: C:\Program Files\PGP Corporation\PGP Desktop

    cd /d "C:\Program Files\PGP Corporation\PGP Desktop"

  4. Type pgpwde --new-wdrt --disk <number> --admin-authorization --admin-passphrase <phrase> --recovery-token <string> at the prompt and press Enter.

Windows Vista & Windows 7

  1. Click Start.
  2. In the Start Search field, type run and press Enter.
  3. Click Run from the displayed Programs list.
  4. Type cmd and click OK.
  5. Change to the following directory: C:\Program Files\PGP Corporation\PGP Desktop

    cd /d "C:\Program Files\PGP Corporation\PGP Desktop"

  6. Type pgpwde --new-wdrt --disk <number> --admin-authorization --admin-passphrase <phrase> --recovery-token <string> at the prompt and press Enter.
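
The following is an added example, not part of the original article or of the product: a PowerShell wrapper, for systems where PowerShell is installed, that prompts for the passphrase and WDRT string without echoing them or placing them in a typed command line, then runs pgpwde with the flags documented above. The names New-Wdrt, ConvertTo-PlainText, Disk and InstallDir are hypothetical, and treating a nonzero exit code as failure is an assumption; the passphrase is still handed to pgpwde as a process argument, so process command-line auditing on the host will record it.

```powershell
# Added example: wrapper around the pgpwde --new-wdrt command documented above.
# New-Wdrt, ConvertTo-PlainText and the parameter names are hypothetical;
# only the pgpwde flags and the install directory come from the article.
function ConvertTo-PlainText([System.Security.SecureString]$Secure) {
    # Decrypt the SecureString only for as long as the value is needed,
    # then zero and free the unmanaged copy.
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
    try { [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
}

function New-Wdrt {
    param(
        [Parameter(Mandatory = $true)][int]$Disk,
        [string]$InstallDir = 'C:\Program Files\PGP Corporation\PGP Desktop'
    )
    if ($Disk -lt 0) { throw "Disk number must be zero or greater." }
    $exe = Join-Path $InstallDir 'pgpwde.exe'
    if (-not (Test-Path $exe)) { throw "pgpwde not found at $exe" }

    # Prompt without echo: the secrets are not shown on screen and are
    # never typed as part of a command line.
    $phrase = Read-Host -AsSecureString 'Passphrase of an authorized disk user'
    $token  = Read-Host -AsSecureString 'WDRT string'

    $pgpArgs = @(
        '--new-wdrt', '--disk', $Disk,
        '--admin-authorization',
        '--admin-passphrase', (ConvertTo-PlainText $phrase),
        '--recovery-token',   (ConvertTo-PlainText $token)
    )
    try {
        & $exe @pgpArgs
        # Assumption: a nonzero exit code means the token was not created.
        if ($LASTEXITCODE -ne 0) { throw "pgpwde exited with code $LASTEXITCODE" }
    }
    finally {
        # Drop the plaintext copies as soon as the call returns.
        $pgpArgs = $null
        $phrase.Dispose(); $token.Dispose()
    }
}
```

Run it from an elevated PowerShell session as `New-Wdrt -Disk <number>`, using the same disk number you would pass to `--disk`.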