Administrator Guide
Policy-Based or File/Folder Encryption Recovery
Recovery is needed when the encrypted computer will not boot to the operating system. This occurs when the registry is incorrectly
modied or hardware changes have occurred on an encrypted computer.
With Policy-Based Encryption or File/Folder Encryption (FFE) recovery, you can recover access to the following:
• A computer that does not boot and that displays a prompt to perform SDE Recovery.
• A computer displays BSOD with a STOP Code of 0x6f or 0x74.
• A computer on which you cannot access encrypted data or edit policies.
• A server running Dell Encryption that meets either of the preceding conditions.
• A computer on which the Hardware Crypto Accelerator card or the motherboard/TPM must be replaced.
NOTE: Hardware Crypto Accelerator is not supported, beginning with v8.9.3.
Overview of the Recovery Process
NOTE
: Recovery requires a 32-bit environment.
To recover a failed system:
1 Burn the recovery environment onto a CD/DVD or create a bootable USB. See Appendix A - Burning the Recovery Environment.
2 Obtain the Recovery le.
3 Perform the recovery.
Perform Policy-Based Encryption or FFE Recovery
Follow these steps to perform Policy-Based Encryption or FFE recovery.
Obtain the Recovery File - Policy-Based Encryption or FFE
Encryption Client
Obtain the recovery le.
The recovery le can be downloaded from the Management Console. To download the Disk Recovery Keys generated when you
installed Dell Encryption:
a Open the Management Console and, from the left pane, select Populations > Endpoints.
b Enter the hostname of the endpoint, then click Search.
c Select the name of the endpoint.
d Click Device Recovery Keys.
2
6 Encryption Recovery
Policy-Based or File/Folder Encryption Recovery