About
Help Desk Recovery

With
Help Desk Recovery
, you can access your encrypted computer if you lose your password, your smart card is rekeyed or replaced, or there is a lockout state at preboot. This recovery feature is enabled or disabled for a computer by the administrative policies of
Symantec Endpoint Encryption Management Server
. All you need is to provide your computer information to the help desk, receive a Response Key, and then use the Response Key to access your computer.
A Response Key (also known as
One-Time Password
) that the
Help Desk Recovery
provides is associated with an encrypted computer, not a user. Each computer has a unique Response Key that unlocks the encrypted disk on that computer.
Based on the connectivity of the client with
Symantec Endpoint Encryption Management Server
,
Help Desk Recovery
offers two types of recovery mode:
  • Online Recovery
    Online Recovery is possible when the client establishes a connection with
    Symantec Endpoint Encryption Management Server
    after installation. The server receives data about the client that it requires to generate a Response Key in the future.
    Help Desk Recovery
    requires minimum authentication for the computer and does not involve a Challenge Key.
  • Offline Recovery
    Offline Recovery is required when the client has never communicated with
    Symantec Endpoint Encryption Management Server
    after installation. The server does not find any data about the client that it requires to generate Response Key.
    Help Desk Recovery
    requires a Challenge Key for authentication.
When you recover from a forgotten password, you are prompted to enter a new password when the Windows operating system starts. Contact your local administrator to get your new Windows password. Alternatively, when the
Windows Password Reset
feature is enabled, you can reset your Windows password without external assistance if all of the prerequisites are fulfilled.