Symantec Endpoint Encryption uses the highest encryption standards to encrypt machines. If you want to boot the machine, a passphrase/password must be entered.
This password is typically the same password for the Windows login, but depending on the scenario, could be just a regular standalone password.
If a user forgets the password, they can reach out to the helpdesk team for assistance to get access to the system with a Help Desk Recovery Key for Symantec Endpoint Encryption Drive Encryption.
If the user is unable to put the passphrase in, a "Self-Recovery" password could be configured. This article will go over this option and how it works.
Step 1: If the "Self-Recovery" option has been enabled in your policy, once the system is encrypted, the following message will automatically appear:
Step 2: Click "Continue" to proceed with setting up your questions:
In order to add the questions, you just first authenticate your password. Use your Windows password to this if you are using Single Sign-On:
Step 3: Once the passphrase has been accepted, the following message will appear to allow you to configure your own questions and answers:
Each of these questions and answers are case sensitive, and must be entered exactly.
If one space is entered incorrectly, the password will not allow you to self-recover.
Step 4: Once you have entered the questions and answers, click "Save" to see the "Setup is Complete" dialogue, indicating the process was sucessful:
Now when you boot up your machine, you can use the Self-Recovery Questions, from Section 1 above, to boot the system up.
On the following screen, press the "F2" (Function 2) key:
You will arrive at the following screen to select "Self Recovery":
Next, you will see the following screen to prompt your username:
Enter your proper username that has been previously registered:
Note: If the wrong username is entered, the error "User not found or no self-recovery data. Try again", will appear.
You can retry this.
Once Successful, the following screen appears to enter Questions 1 through 3 in the following example:
Once you have entered all three questions, press "Enter". If any of the answers are incorrect, it will highlight the specific answer for you to fix:
Once you enter the correct answer, the system will then boot up properly:
The following things now happen at this stage:
*Whatever passphrase you use to login to the Windows profile will now synchronize with the preboot screen.
*The next time you reboot the system and see the preboot screen, you will enter the new password you just used to login to Windows.
*The Self-Recovery Questions will remain the same. In other words, even if you use the questions, they will remain intact.
If you would like to change your Self-Recovery questions, see Section 3 below.
If you would like to update your recovery questions, to be able to do this, you must be able to enter your current password.
Note: It is not possible to update your questions at the preboot screen shown in Section 2 of this article.
Step 1: Once you have logged in, you will click the "search" icon in your system tray.
Step 2: Next, start to type, "management", until you see the "SEE Management Agent" application show up.
Step 3: Then click on "Open" (You do not need to run as administrator).
Step 4: Once the SEE Management Agent application opens, click on "Self-Recovery" on the left side of the dialogue box, click "Continue":
Step 5: Enter your passphrase in this screen:
Step 6: Now enter the questions you would like to use:
Note: Some of the questions may be pre-populated. In this example, the administrator allowed the user to create their own questions.
Step 7: Now that you have entered all your recovery questions and answers, click "Save":
Step 8: The "Setup is Complete" dialog box will show up now:
Click Finish. You can validate the questions worked by following the steps in Section 2 above.