If your user has forgotten or incorrectly entered their Full Disk Encryption password too many times, you will need to recover their login using the ESET Endpoint Encryption Server. To do this you will need to perform the following steps:
- From the ESET Endpoint Encryption Server, you will need to find the User's Workstation.
- Double-click the Workstation to view the Workstation Details.
- Select the FDE Logins tab, highlight the FDE username then click the Recover button.
- You will be presented with the following window:
- On the User's Workstation, ask the User to select option Reset Password (Lost details on Legacy systems) from the menu.
- Ask them to input their FDE username in the window as shown below.
- Ask the user what Index number is displayed on their screen and provide the recovery password that matches their index number. If the index number is different to the Recovery Index shown in the ESET Endpoint Encryption Server, then you can use the arrow buttons to change the recovery password to the matching index.
- When the User enters the recovery password succesfully, they will then be informed of how many recovery uses they have remaining. To refresh the recovery uses, you must post an Update Recovery command (shown below). This will apply a new recovery password to the Workstation for the User.
If the user is not Single Sign-On (SSO) enabled
- If the user is not configured for Single Sign-On (SSO), then the User will be prompted to enter a new FDE password for future use.
- Important: The password Policy enforced in the recovery screen may differ to your current Group Policy. This is because the Policy is tied to the User's FDE Login at the time it was added to the Workstation.
If the user is Single Sign-On (SSO) enabled
- If the User is configured for SSO, they will not be prompted to change the password.
- The user will be booted to the Windows logon, which will require User to enter their domain password.
- Upon logging into their profile successfully, ESET Endpoint Encryption will automatically synchronise their FDE and Windows passwords.
- Once the user has booted into Windows, from the ESET Endpoint Encryption Server, click the Update Recovery button to send a new recovery password to the machine for use in the future.
KB397 - User is still in recovery mode
Keywords: Locked out user disabled FDE access denied lost password reset fde