This article details how to decrypt a disk using a Whole Disk Recovery Token (WDRT).
In PGP Universal Server managed environments, administrators can enable Whole Disk Recovery Tokens (WDRT) for PGP Desktop clients which allow users to authenticate encrypted hard disks if the user forgets their passphrase.
Whole Disk Recovery Tokens (WDRT) are associated with encrypted devices, not single computers or single users. A single computer can be associated with multiple encrypted devices. If multiple users have accounts on the same device, they share the same whole disk recovery token. Whatever you do with the token affects all users sharing that device.
If necessary, you can use a Whole Disk Recovery Token (WDRT) to authenticate and decrypt the disk via the command line. Decrypting the disk via the command line is advantageous when connecting (slaving) a disk to another system in the event of a hardware failure.
To use a WDRT via the command line to decrypt a slaved disk
Type cmd in the Open field and click OK.
Change to the following directory: C:\Program Files\PGP Corporation\PGP Desktop
Determine the disk number by typing pgpwde --enum
Verify the WDRT of the authorized user of the disk by typing pgpwde --disk <Disk #> --verify-user --rt <Whole Disk Recovery token>
Decrypt the disk using a WDRT by typing pgpwde --disk <Disk #> --decrypt --rt <Whole Disk Recovery token>