[KB7149] Reset a Managed User's Full Disk Encryption password

Issue

ESET Endpoint Encryption (EEE) Client and EEE Server are separate products from ESET Full Disk Encryption (EFDE)

The article below applies only to the EEE Client or EEE Server and not EFDE. Visit What's new in ESET Full Disk Encryption to view EFDE content.

  • Recover a user login in ESET Endpoint Encryption Server

Solution

If a user has forgotten or incorrectly entered their Full Disk Encryption password too many times, you will need to recover their login using the ESET Endpoint Encryption Server:

  1. From the ESET Endpoint Encryption Server, find the workstation for the user.
  1. Double-click the workstation to view the workstation details.

  2. Click the FDE Logins tab, highlight the FDE username and then click Recover.

  3. The Recover FDE Login window will be displayed as shown below.

Figure 1-1

  1. On the user's workstation, ask the user to select Reset Password (Lost details on Legacy systems) from the menu.
  1. Ask them to type their FDE username and click OK as shown below.

    Figure 1-2

  2. Ask the user for the Recovery Index number displayed on their screen. Provide the user the corresponding Recovery Password. If the index number displayed on their screen is different from the Recovery Index displayed in ESET Endpoint Encryption Server, use the arrow buttons to change the recovery password to match the index. When the user successfully enters the recovery password, they will be informed of how many recoveries they have remaining. To refresh the recovery uses, post an Update Recovery command as shown below. This will apply a new Recovery Password to the workstation for the user.

    Figure 1-3

  3. Type the Recovery Password and click OK.

    Figure 1-4

  4. If the user is configured for Single Sign-On (SSO), skip to step 9. If the user is not configured for SSO, the user will be prompted to enter a new FDE password for future use.
    Password policy may differ from current group policy

    The password policy enforced in the recovery screen may differ from your current group policy. This is because the policy is tied to the user's FDE Login at the time it was added to the workstation.

    Figure 1-5

  5. If the user is configured for SSO, they will not be prompted to change the password. The user will start at to the Windows login screen and be required to enter their domain password. Once they log in to their profile successfully, ESET Endpoint Encryption will automatically synchronize their FDE and Windows passwords. Once the user has logged in to Windows, navigate to the ESET Endpoint Encryption Server and click Update Recovery to send a new recovery password to the machine for future use.