Reference Guide
Security Management Server v10.2.10 AdminHelp
107
For the steps to perform a recovery on removable media when a user is no longer associated with your organization, see Encryption External Media Recovery for User Removed from Database.
Encryption External Media encrypts data on removable media, as defined by policy. There may be several conditions where access to encrypted data needs to be regained. In general, these scenarios fall into two categories:
• The Encryption External Media password is lost or forgotten
• The Encryption External Media software or encryption key material has been lost or corrupted on the device
If more than one Dell Server is part of a federation, to perform Encryption External Media Recovery across Dell Servers in the federation, see Enable Federated Key Recovery.
Manual Authentication when Encryption External Media Password is Lost or Forgotten
If a user has lost or forgotten a password, manual authentication is necessary.
1. The user is prompted for their password. Since the password is not available, the user clicks I forgot.
2. The user is given another opportunity to try again. If the user clicks Yes - I forgot, manual authentication begins (or the manual authentication begins upon the set number of retries allowed).
3. The user is instructed to contact their administrator and inform them that they need to manually recover Encryption External Media for Windows.
4. As a Dell administrator, log in to the Management Console.
5. In the left pane, click Populations > Users.
6. Enter a filter to search for the user. The wild card character is *. You can enter Common Name, Universal Principal Name, or sAMAccountName.
7. Click the search icon. A user or list of users displays, based on your search filter.
8. Locate the appropriate user and click the Endpoints tab.
9. Locate the appropriate Shielded Endpoint.
10. Under Actions, click the Recover link.
Tip: Numbers are red and letters are blue.
11. Ask the user for the Shield ID and verify that it is correct or enter it into Shield ID. Shield IDs do not contain the letters B, O, Q, and S.
12. Ask the user for the 8, 16, or 32-character Endpoint Code (not case sensitive) and enter it into the appropriate field. Endpoint Codes contain only the letters A-F.
13. Ask the user for the Key ID and enter it into the appropriate field (if your organization allows non-domain user activation, the Key ID is required).
14. Click Generate Access Code. The Restore User Access page displays the directory user alias associated with the Encryption client, along with an access code.
15. Confirm to your satisfaction that the request is coming from the directory user alias shown. This is especially important if recovering media that may have been given to another user. Dell recommends that you set a help desk policy for how to handle requests from users other than those who originally copied the data.
16. Do one of the following:
• To allow the user to access the endpoint, click Activate.
• To not allow the user to access the endpoint, click Cancel.
17. If the requester is the device authorized user, ask the user to enter the Access Code (not case sensitive) on the endpoint and click OK. The Access Code policies of the user affect this process (for example, how many attempts the user has to enter the code correctly).
18. When the user successfully enters the Access Code, the Encryption client changes the Current Shield State policy to Activate, and the successfully entered Access Code is no longer valid. Instruct the user to click OK to close the dialog.
19. In the left pane, click Management > Commit.
20. Click Commit Policies.
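A pre-check a help desk can run on the Shield ID and Endpoint Code the user reads out in steps 11 and 12, before clicking Generate Access Code. This is an added example, not Dell's code; it assumes Endpoint Codes are hexadecimal (digits 0-9 as well as A-F), and the look-alike table is an assumed transcription aid, not a rule from the product.

```python
import re

# Character rules stated in the recovery steps above:
# - Shield IDs never contain the letters B, O, Q or S.
# - Endpoint Codes are 8, 16 or 32 characters, case-insensitive, and use
#   only the letters A-F (assumed here to be hexadecimal, so 0-9 as well).
SHIELD_ID_FORBIDDEN = set("BOQS")
ENDPOINT_CODE_LENGTHS = {8, 16, 32}
HEX_CHARS = set("0123456789ABCDEF")

# Assumed look-alike confusions when a code is read over the phone
# (not from the page): the digit a user may have meant instead of the letter.
LOOKALIKES = {"O": "0", "Q": "0", "S": "5", "B": "8", "I": "1", "L": "1"}


def normalize(value: str) -> str:
    """Upper-case the value and drop spaces or dashes read out by the user."""
    return re.sub(r"[\s\-]", "", value).upper()


def check_shield_id(shield_id: str) -> list:
    """Return problems with a Shield ID (empty list means it passes)."""
    sid = normalize(shield_id)
    problems = ["Shield ID is empty"] if not sid else []
    for ch in sorted(set(sid) & SHIELD_ID_FORBIDDEN):
        problems.append(
            f"Shield ID cannot contain '{ch}'; user may mean '{LOOKALIKES[ch]}'")
    return problems


def check_endpoint_code(code: str) -> list:
    """Return problems with an Endpoint Code (empty list means it passes)."""
    ec = normalize(code)
    problems = []
    if len(ec) not in ENDPOINT_CODE_LENGTHS:
        problems.append(f"Endpoint Code length {len(ec)} is not 8, 16 or 32")
    for ch in sorted(set(ec) - HEX_CHARS):
        msg = f"Endpoint Code cannot contain '{ch}'"
        if ch in LOOKALIKES:
            msg += f"; user may mean '{LOOKALIKES[ch]}'"
        problems.append(msg)
    return problems


def precheck(shield_id: str, endpoint_code: str) -> list:
    """Everything to resolve with the user before clicking Generate Access Code."""
    return check_shield_id(shield_id) + check_endpoint_code(endpoint_code)
```

Call `precheck(shield_id, endpoint_code)` with the values as read out; an empty list means both values pass the page's character rules, otherwise each entry is one point to re-confirm with the user.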