Deployment Guide

Recovery
Recovery options are available in case user credentials expire or are lost:
One-time Password (OTP): The user generates an OTP with the Security Tools Mobile app on an enrolled mobile device and enters
the OTP at the Windows logon screen to regain access. This option is available only if the user has enrolled a mobile device with
Security Tools on the computer. To use the OTP feature for recovery, the user must not have used OTP to log on to the computer.
NOTE: The One-time Password (OTP) feature requires that the TPM is present, enabled, and owned. Follow the
instructions in Clear Ownership and Activate the TPM. An OTP can be used either for authentication or for recovery,
but not for both. For details, see Configure Sign-in Options.
Recovery Questions: The user correctly answers a set of personal questions to regain access to the computer. This option is
available only if the administrator has configured and enabled Recovery Questions, and the user has enrolled Recovery Questions. This
option can be used to regain access to the computer through both the Preboot Authentication screen and Windows logon screen.
Both recovery methods require that you have prepared for recovery, either by enrolling Recovery Questions or by enrolling a mobile device
with Security Tools on the computer.
Self-Recovery, Windows Logon Recovery Questions
To answer Recovery Questions to recover access at the Windows logon screen:
1. To use the Recovery Questions, click Can't access your account?
The Recovery Questions that you selected during enrollment display.
2. Enter the answers and click OK.
Upon successful entry of the answers to the questions, you enter Access Recovery mode. What happens next depends upon the
credential that failed.
If you failed to enter the correct Windows password, then the Change Password screen displays.