Administrator Guide
The recovery file <machine_name.domain>.csv is downloaded.
7. Boot the target computer from a pre-created external recovery volume. You can accomplish this by either launching the
Startup Disk pane in System Preferences and selecting the recovery volume, or by holding down the Option key while you
restart this computer and selecting the recovery volume in the preboot Startup Manager.
or
Boot the computer targeted for recovery into Target Disk Mode. You can accomplish this by either launching the Startup
Disk pane in System Preferences and clicking Target Disk Mode, or by holding down the T key while you restart this
computer.
NOTE:
Firmware password protection blocks the ability to use the T key at startup to enter Target Disk Mode. More
information about Target Disk Mode is available from Apple at http://support.apple.com/kb/HT1661.
Now connect this computer to the host computer that will perform the recovery operation using a FireWire or Thunderbolt
cable, depending on your hardware.
8. Mount the Dell-Encryption-Enterprise-<version>.dmg.
NOTE:
The Recovery Utility must be the same or newer version than the version of client software installed on the computer
targeted for recovery.
9. Select the volume or drive that needs recovery and click Continue.
Selecting the drive recovers all volumes on the drive at once.
10. Select the recovery bundle (saved in step 6) and click Open.
11. Click Close.
You can now open a Finder window and access data on the encrypted volume as you would a normal volume. All data is
transparently encrypted and decrypted as files are transferred between the volumes.
FileVault Recovery
Recovery of a managed FileVault-encrypted volume is dictated by Apple and is automated where possible but requires a few
more steps.
The Dell Recovery Utility simplifies the operation of Apple's recovery tools with scripts to assist with mounting a volume or, in
some cases, decrypting it. FileVault recovery functionality is determined by the operating system installed on the Recovery HD
and the paired target partition.
A FileVault-encrypted volume can be recovered only from a Recovery HD partition that is written to all disk drives running Mac
OS X 10.9.5 or later. This requirement eliminates the possibility of performing a recovery operation directly from the Dell
Recovery Utility.
Two recovery methods exist, based on whether the FileVault recovery key is a personal or institutional recovery key. One valid
recovery key always exists. If a personal recovery key exists, Dell recommends that you use the most recent entry for that key.
If that key does not work, then use the institutional recovery keychain.
● Personal Recovery Key - Existing FileVault encryption is managed by the Dell Server. If the most recent entry in the recovery
bundle contains a RecoveryKey entry, follow the Personal Recovery Key steps. Here is a RecoveryKey example:
RecoveryKey</key><string>C73W-CX2B-ANFY-HH3K-RLRE-LVAK</string>
● Recovery Keychain (rarely used) - This recovery method is based on use of a FileVault institutional recovery key.
If the most recent entry in the recovery bundle contains a KeychainKey entry, follow the Recovery Keychain steps. Here is a
KeychainKey example:
KeychainKey</key><data>a3ljaAABAAAAA...
Personal Recovery Key
Generally, the best practice is to recover the boot volume before recovering non-boot volumes since that mounts any other
volume that was encrypted. Recovering the boot volume typically corrects issues with non-boot volumes.
26
Tasks for the Encryption Client