If the User was given the ability to decrypt the machine open the Client Console and use the option to decrypt manually
When logging into the encrypted machine using the Symantec Endpoint Encryption Client Admin and opening the Client Console the option to decrypt the machine can be done manually.
Create a Group Policy Objects (GPO) (see steps 1-10 below), and run the .msi file manually on the machine
Create a GPO policy (see steps 1-14 below), and apply it to all the machines which are in the location in the Symantec Endpoint Encryption Manager. The remote decryption policy is used by policy administrators to decrypt all encrypted disk partitions on computers protected by Symantec Endpoint Encryption-Full Disk without having to physically send a client administrator to the location(s) of the computers.
Creating a Remote Decryption Policy. To create a remote decryption policy, perform the following steps:
Right-click Group Policy Objects on the navigation tree.
Click New. The New GPO (Group Policy Object Editor) window displays.
Type the name of the Group Policy Object you wish to create.
Click OK. The new Group Policy Object you created is displayed in the navigation tree.
Right-click the new Group Policy Object on the navigation tree.
Click Edit. The Group Policy Object Editor (GPOE) displays.
Drag and drop to link the policy to the target location containing the computers you wish to decrypt.
Restart the computers receiving this computer policy to cause it to take effect.
Monitor decryption progress using the Client Monitor.
Note: When recover.exe /D or /B is successfully run on a client computer, a new workstation encryption key (WEK) is created, causing the computer’s data stored in Active Directory Application Mode (ADAM) to become out of date. After successfully executing recover.exe /D or /B on a client computer, always make sure that the client computer checks in at least once so that the new data can be stored in ADAM.
Warning: Although decryption of all disk partitions begins immediately after the remote decryption policy has been processed on the client computer, remote decryption is a computer policy which is only processed at boot time.
When necessary the machine may be decrypted using the Recover utility option /d. This should be done only when other methods can not be utilized.
Imported Document Id
This is machine translated content
Login to Subscribe
Please login to set up your subscription.
Didn't find the article you were looking for? Try these resources.