Providing Whole Disk Recovery Token assistance for clients managed by Symantec Encryption Management Server

book

Article ID: 178334

calendar_today

Updated On:

Products

Endpoint Encryption

Issue/Introduction

 

Resolution

You can configure Symantec Endpoint Encryption Management Console to a retrieve Whole Disk Recovery Token (WDRT) from the Symantec Encryption Management Server for a Symantec Drive Encryption client. You can provide Whole Disk Recovery Token user assistance for a client computer if the Symantec Endpoint Encryption Management Server database is connected to Symantec Encryption Management Server and the Symantec Encryption Desktop clients require Whole Disk Recovery Token for recovery.

This feature requires Symantec Encryption Management Server version 3.3.2 MP1 or later.

Before you provide a Whole Disk Recovery Token, confirm that the following is true:

  • The administrator role on the Symantec Encryption Management Server is one of the following: "WDRT-only Administrator", "Basic Administrator", "Full Administrator" or "SuperUser".
  • You must connect the Symantec Endpoint Encryption Management Server to the Symantec Encryption Management database to access the WDRTs.
  • When a user calls the help desk for recovery assistance, use the Help Desk Recovery snap-in to provide the WDRT to the user.
     

To connect your Symantec Endpoint Encryption Server database to retrieve recovery tokens from Symantec Encryption Management Server:

  1. On your 11.0 Symantec Endpoint Encryption Management Server, click Start > All Programs > Symantec Endpoint Encryption > SEEMS Configuration Manager.
     
  2. In the SEE Management Server Configuration Manager, click the SEMS Config tab.
     
  3. Under SEMS Configuration, click Activate Symantec Encryption Management Server Configuration.
     
  4. In the Server Hostname/IP field, enter the host name or IP address of the Symantec Encryption Management Server.
     
  5. In the User Name field, enter the administrator name to be used to connect to the Symantec Encryption Management Server.
     
  6. In the Password field, enter the administrator password to be used to connect to the Symantec Encryption Management Server.
     
  7. Click Test Connection, to verify that the connection is properly configured. If the connection is not properly configured then an error message should indicate why.
     

To provide a Whole Disk Recovery Token for user assistance:

Before you begin, make sure that the user’s screen is displaying a Machine ID, Disk ID, or UUID

  1. In the left pane of Symantec Endpoint Encryption Manager, click SEE Help Desk > Help Desk Recovery Program.
     
  2. On the Welcome page, click Next.
     
  3. Type the current Management Password in the Enter the SEE management password provided by your administrator box, and click Next.
     
  4. On the Help Desk Recovery Options page, select WDRT Recovery, and then click Next.
     
  5. On the Whole Disk Recovery Token Program page, do the following:

    • Type the Machine ID, Disk ID, or UUID that the user provides in the Machine/Disk ID box. This information is mandatory to retrieve Whole Disk Recovery Token.
    • Type the name of the user in the User Name box.
       
  6. Click Next.
     
  7. From the Whole Disk Recovery Token Program page where the token characters appear, read aloud the characters of the token to the user. Ask the user to type the characters correctly.
     
  8. Do one of the following:

    • Click Yes if the user has successfully recovered the encrypted computer, and then click Next.
    • Click No if the user is unable to recover the encrypted client computer, and then click Next.
       
  9. Do one of the following:

    • If you clicked Yes in the previous page, click Finish to close the Whole Disk Recovery Token program.
    • If you clicked No, the wizard takes you to the beginning of the Whole Disk Recovery Token program so that you can reconfirm the information that you have entered.