1) recover /A - attempts a repair of the SEE/GE volume files
2) recover /D - decrypts the drive using a Client Administrator credential
3) recover /B - decrypts the drive using a .dat file taken from the SEE/GE Management Server
4) recover /O - this command restores the drive to the OEM state, keeping user data intact
5) recover /S - this command restores the drive to the OEM state after performing a secure erase of user data
6) recover /F - Safe Mode Reboot
Note that options4&5only apply to managedOPAL compliant drives. These commands will have no effect on non-OPAL drives.
The last option simply restarts the machine, displaying the option to press F8 for Safe Mode.
This is used in situations where USB attached devices are non-responsive or other issues exist preventing us from entering Safe Mode normally.
Note : In case of OPAL drives, Encryption and Decryption of drives is done by OPAL itself, not SEE.
How to Export DAT File :
While running recovery media with /B, it asks for a recovery password which you create while exporting a recovery DAT file. This file is generated for individual client's from the Manager console. Every client will have a SID in Manager (SEMS/GEMS). With this SID we extract the WEK (DAT) file.
OpenSEE/GE Manager- Symantec Endpoint EncryptionReports-Computer Status Report- On the right pane you enter theComputer Nameand click on 'Run'. Once the report status is pulled up, highlight the computer name and click on 'Recover' It asks forManagement password. Now It would also prompt you to put a new password which is yourRecovery passwordand you save theWEK (DAT)file on a safe location. ThisDAT filealong with theRecover Passwordis required at the time of using Recover disk on Client machines, in caseNo Bootsituations.
Note: ** Exporting this file from Manager, we require Manager password.
Note: ** Client should have been checked in at least once onto the Manager.
Supporting article on How to use Recover /B to decrypt hard-disk :