Self-Recovery Setup with Symantec Endpoint Encryption Drive Encryption
search cancel

Self-Recovery Setup with Symantec Endpoint Encryption Drive Encryption


Article ID: 272996


Updated On:


Desktop Email Encryption Drive Encryption Encryption Management Server Endpoint Encryption File Share Encryption Gateway Email Encryption PGP Command Line PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK


Symantec Endpoint Encryption uses the highest encryption standards to encrypt machines.  If you want to boot the machine, a passphrase/password must be entered. 
This password is typically the same password for the Windows login, but depending on the scenario, could be just a regular standalone password.

If a user forgets the password, they can reach out to the helpdesk team for assistance to get access to the system with a Help Desk Recovery Key for Symantec Endpoint Encryption Drive Encryption.

If the user is unable to put the passphrase in, a "Self-Recovery" password could be configured.  This article will go over this option and how it works. 



Section 1 of 3: Setup of the Self-Recovery Questions



Step 1: If the "Self-Recovery" option has been enabled in your policy, once the system is encrypted, the following message will automatically appear:

Step 2: Click "Continue" to proceed with setting up your questions:

In order to add the questions, you just first authenticate your password.  Use your Windows password to this if you are using Single Sign-On:

Step 3: Once the passphrase has been accepted, the following message will appear to allow you to configure your own questions and answers:

Each of these questions and answers are case sensitive, and must be entered exactly.  
If one space is entered incorrectly, the password will not allow you to self-recover.

Step 4: Once you have entered the questions and answers, click "Save" to see the "Setup is Complete" dialogue, indicating the process was sucessful:




Section 2 of 3: Using the Self-Recovery Questions to boot a system



Now when you boot up your machine, you can use the Self-Recovery Questions, from Section 1 above, to boot the system up.

On the following screen, press the "F2" (Function 2) key:

You will arrive at the following screen to select "Self Recovery":

Next, you will see the following screen to prompt your username:

Enter your proper username that has been previously registered:

Note: If the wrong username is entered, the error "User not found or no self-recovery data. Try again", will appear.
You can retry this. 

Once Successful, the following screen appears to enter Questions 1 through 3 in the following example:


Once you have entered all three questions, press "Enter".  If any of the answers are incorrect, it will highlight the specific answer for you to fix:

Once you enter the correct answer, the system will then boot up properly:

The following things now happen at this stage:

*Whatever passphrase you use to login to the Windows profile will now synchronize with the preboot screen.

*The next time you reboot the system and see the preboot screen, you will enter the new password you just used to login to Windows.

*The Self-Recovery Questions will remain the same.  In other words, even if you use the questions, they will remain intact.


If you would like to change your Self-Recovery questions, see Section 3 below.




Section 3 of 3: Changing your Self-Recovery Questions for Self Recovery


If you would like to update your recovery questions, to be able to do this, you must be able to enter your current password.
Note: It is not possible to update your questions at the preboot screen shown in Section 2 of this article. 

Step 1: Once you have logged in, you will click the "search" icon in your system tray.

Step 2: Next, start to type, "management", until you see the "SEE Management Agent" application show up.

Step 3: Then click on "Open" (You do not need to run as administrator).

Step 4: Once the SEE Management Agent application opens, click on "Self-Recovery" on the left side of the dialogue box, click "Continue":

Step 5: Enter your passphrase in this screen:

Step 6: Now enter the questions you would like to use:

Note: Some of the questions may be pre-populated.  In this example, the administrator allowed the user to create their own questions.


Step 7: Now that you have entered all your recovery questions and answers, click "Save":

Step 8: The "Setup is Complete" dialog box will show up now:

Click Finish.  You can validate the questions worked by following the steps in Section 2 above. 




Additional Information

254842 - Symantec Endpoint Encryption Windows Password Reset Utility

272996 - Self-Recovery Setup with Symantec Endpoint Encryption Drive Encryption