Administrator Guide
Policy-Based or File/Folder Encryption
Recovery
Recovery is needed when the encrypted computer will not boot to the operating system. This occurs when the registry is
incorrectly modified or hardware changes have occurred on an encrypted computer.
With Policy-Based Encryption or File/Folder Encryption (FFE) recovery, you can recover access to the following:
● A computer that does not boot and that displays a prompt to perform SDE Recovery.
● A computer displays BSOD with a STOP Code of 0x6f or 0x74.
● A computer on which you cannot access encrypted data or edit policies.
● A server running Dell Encryption that meets either of the preceding conditions.
● A computer on which the Hardware Crypto Accelerator card or the motherboard/TPM must be replaced.
NOTE: Hardware Crypto Accelerator is not supported, beginning with v8.9.3.
Perform System Data Encryption or FFE Recovery
Follow these steps to perform System Data Encryption recovery.
Overview of the Recovery Process
NOTE:
For Dell Servers running v10.2.8 and earlier, recovery requires a 32-bit environment. Dell Servers running v10.2.9 and
later provide 32-bit and 64-bit recovery bundles.
To recover a failed system:
1. Burn the recovery environment onto a CD/DVD or create a bootable USB. See Appendix A - Burning the Recovery
Environment.
2. Obtain the Recovery file.
3. Perform the recovery.
Obtain the Recovery File - Policy-Based Encryption or FFE
Encryption Client
Obtain the recovery file.
The recovery file can be downloaded from the Management Console. To download the Disk Recovery Keys generated when you
installed Dell Encryption:
a. Open the Management Console and, from the left pane, select Populations > Endpoints.
b. Enter the hostname of the endpoint, then click Search.
c. Select the name of the endpoint.
d. Click Device Recovery Keys.
2
6 Policy-Based or File/Folder Encryption Recovery