Encryption Recovery v11
Transcript Of Encryption Recovery v11
Encryption Recovery v11.4
May 2022 Rev. A01
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2012-2022 Dell Inc. All rights reserved. Registered trademarks and trademarks used in the Dell Encryption and Endpoint Security Suite Enterprise suite of documents: Dell™ and the Dell logo, Dell Precision™, OptiPlex™, ControlVault™, Latitude™, XPS®, and KACE™ are trademarks of Dell Inc. Cylance®, CylancePROTECT, and the Cylance logo are registered trademarks of Cylance, Inc. in the U.S. and other countries. McAfee® and the McAfee logo are trademarks or registered trademarks of McAfee, Inc. in the US and other countries. Intel®, Pentium®, Intel Core Inside Duo®, Itanium®, and Xeon® are registered trademarks of Intel Corporation in the U.S. and other countries. Adobe®, Acrobat®, and Flash® are registered trademarks of Adobe Systems Incorporated. Authen tec® and Eikon® are registered trademarks of Authen tec. AMD® is a registered trademark of Advanced Micro Devices, Inc. Microsoft®, Windows®, and Windows Server®, Windows Vista®, Windows 7®, Windows 10®, Active Directory®, Access®, BitLocker®, BitLocker To Go®, Excel®, Hyper-V®, Outlook®, PowerPoint®, Word®, OneDrive®, SQL Server®, and Visual C++® are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. VMware® is a registered trademark or trademark of VMware, Inc. in the United States or other countries. Box® is a registered trademark of Box. Dropbox ℠ is a service mark of Dropbox, Inc. Google™, Android™, Google™ Chrome™, Gmail™, and Google™ Play are either trademarks or registered trademarks of Google Inc. in the United States and other countries. Apple®, App Store℠, Apple Remote Desktop™, Boot Camp™, FileVault™, iPad®, iPhone®, iPod®, iPod touch®, iPod shuffle®, and iPod nano®, Macintosh®, and Safari® are either servicemarks, trademarks, or registered trademarks of Apple, Inc. in the United States and/or other countries. EnCase™ and Guidance Software® are either trademarks or registered trademarks of Guidance Software. Entrust® is a registered trademark of Entrust®, Inc. in the United States and other countries. Mozilla® Firefox® is a registered trademark of Mozilla Foundation in the United States and/or other countries. iOS® is a trademark or registered trademark of Cisco Systems, Inc. in the United States and certain other countries and is used under license. Oracle® and Java® are registered trademarks of Oracle and/or its affiliates. Travelstar® is a registered trademark of HGST, Inc. in the United States and other countries. UNIX® is a registered trademark of The Open Group. VALIDITY™ is a trademark of Validity Sensors, Inc. in the United States and other countries. VeriSign® and other related marks are the trademarks or registered trademarks of VeriSign, Inc. or its affiliates or subsidiaries in the U.S. and other countries and licensed to Symantec Corporation. KVM on IP® is a registered trademark of Video Products. Yahoo!® is a registered trademark of Yahoo! Inc. Bing® is a registered trademark of Microsoft Inc. Ask® is a registered trademark of IAC Publishing, LLC. Other names may be trademarks of their respective owners.
Contents
Chapter 1: Getting Started with Recovery..................................................................................... 5 Contact Dell ProSupport for Software.......................................................................................................................... 5
Chapter 2: Policy-Based or File/Folder Encryption Recovery.........................................................6 Perform System Data Encryption or FFE Recovery................................................................................................... 6 Overview of the Recovery Process.......................................................................................................................... 6 Obtain the Recovery File - Policy-Based Encryption or FFE Encryption Client............................................. 6 Obtain the Recovery File - Locally Managed Computer.......................................................................................7 Perform a Recovery...................................................................................................................................................... 8 Encrypted Drive Data Recovery......................................................................................................................................11 Recover Encrypted Drive Data................................................................................................................................. 12
Chapter 3: Hardware Crypto Accelerator Recovery...................................................................... 16 Recovery Requirements................................................................................................................................................... 16 Overview of the Recovery Process...............................................................................................................................16 Perform HCA Recovery.................................................................................................................................................... 16 Obtain the Recovery File - Remotely Managed Computer................................................................................ 16 Obtain the Recovery File - Locally Managed Computer..................................................................................... 17 Perform a Recovery.....................................................................................................................................................18
Chapter 4: Self-Encrypting Drive (SED) Recovery....................................................................... 24 Recovery Requirements...................................................................................................................................................24 Overview of the Recovery Process.............................................................................................................................. 24 Perform SED Recovery....................................................................................................................................................24 Obtain the Recovery File - Remotely Managed SED Client.............................................................................. 24 Obtain the Recovery File - Locally Managed SED Client...................................................................................25 Perform a Recovery....................................................................................................................................................25 Challenge Recovery with SED..................................................................................................................................28
Chapter 5: Full Disk Encryption Recovery.................................................................................... 31 Recovery Requirements................................................................................................................................................... 31 Overview of the Recovery Process...............................................................................................................................31 Perform Full Disk Encryption Recovery........................................................................................................................31 Obtain the Recovery File - Full Disk Encryption Client....................................................................................... 31 Perform a Recovery....................................................................................................................................................32 Challenge Recovery with Full Disk Encryption..................................................................................................... 34
Chapter 6: Full Disk Encryption and Dell Encryption Recovery..................................................... 38 Recovery Requirements...................................................................................................................................................38 Overview of the Recovery Process.............................................................................................................................. 38 Perform Recovery of a Full Disk Encrypted and Dell Encrypted Disk.................................................................. 38 Obtain the Recovery File - Full Disk Encryption Client...................................................................................... 38 Obtain the Recovery File - Policy-Based Encryption or FFE Encryption Client...........................................39 Perform a Recovery....................................................................................................................................................40
Contents
3
Challenge Recovery with Full Disk Encryption..................................................................................................... 42
Chapter 7: PBA Device Control.................................................................................................... 46 Use PBA Device Control..................................................................................................................................................46
Chapter 8: General Purpose Key Recovery................................................................................... 47 Recover the GPK...............................................................................................................................................................47 Obtain the Recovery File........................................................................................................................................... 47 Perform a Recovery....................................................................................................................................................48
Chapter 9: BitLocker Manager Recovery..................................................................................... 50 Recover Data..................................................................................................................................................................... 50
Chapter 10: Password Recovery.................................................................................................. 52 Recovery Questions..........................................................................................................................................................52
Chapter 11: Encryption External Media Password Recovery......................................................... 55 Recover Access to Data..................................................................................................................................................55 Self-Recovery.....................................................................................................................................................................57
Chapter 12: Appendix A - Download the Recovery Environment................................................... 59
Chapter 13: Appendix B - Creating Bootable Media...................................................................... 60 Burning the Recovery Environment ISO to CD/DVD............................................................................................... 60 Burning the Recovery Environment on Removable Media......................................................................................60
4
Contents
1
Getting Started with Recovery
This section details what is needed to create the recovery environment. ● CD-R, DVD-R media, or formatted removable media
○ If burning a CD or DVD, review Burning the Recovery Environment ISO to CD/DVD for details. ○ If using removable media, review Burning the Recovery Environment on Removable Media for details. ● Recovery Bundle for failed device ○ For remotely managed clients, instructions that follow explain how to retrieve a recovery bundle from your Dell Security
Management Server. ○ For locally managed clients, the recovery bundle package was created during setup on either a shared network drive or
on external media. Please locate this package before proceeding.
Contact Dell ProSupport for Software
Call 877-459-7304, extension 4310039 for 24x7 phone support for your Dell product. Additionally, online support for Dell products is available at dell.com/support. Online support includes drivers, manuals, technical advisories, FAQs, and emerging issues. Be sure to help us quickly connect you to the right technical expert by having your Service Tag or Express Service Code available when you call. For phone numbers outside of the United States, see Dell ProSupport for Software international phone numbers.
Getting Started with Recovery
5
2
Policy-Based or File/Folder Encryption Recovery
Recovery is needed when the encrypted computer will not boot to the operating system. This occurs when the registry is incorrectly modified or hardware changes have occurred on an encrypted computer. With Policy-Based Encryption or File/Folder Encryption (FFE) recovery, you can recover access to the following: ● A computer that does not boot and that displays a prompt to perform SDE Recovery. ● A computer displays BSOD with a STOP Code of 0x6f or 0x74. ● A computer on which you cannot access encrypted data or edit policies. ● A server running Dell Encryption that meets either of the preceding conditions. ● A computer on which the Hardware Crypto Accelerator card or the motherboard/TPM must be replaced.
NOTE: Hardware Crypto Accelerator is not supported, beginning with v8.9.3.
Perform System Data Encryption or FFE Recovery
Follow these steps to perform System Data Encryption recovery.
Overview of the Recovery Process
NOTE: For Dell Servers running v10.2.8 and earlier, recovery requires a 32-bit environment. Dell Servers running v10.2.9 and later provide 32-bit and 64-bit recovery bundles. To recover a failed system: 1. Burn the recovery environment onto a CD/DVD or create a bootable USB. See Appendix A - Burning the Recovery Environment. 2. Obtain the Recovery file. 3. Perform the recovery.
Obtain the Recovery File - Policy-Based Encryption or FFE Encryption Client
Obtain the recovery file. The recovery file can be downloaded from the Management Console. To download the Disk Recovery Keys generated when you installed Dell Encryption: a. Open the Management Console and, from the left pane, select Populations > Endpoints. b. Enter the hostname of the endpoint, then click Search. c. Select the name of the endpoint. d. Click Device Recovery Keys.
6
Policy-Based or File/Folder Encryption Recovery
e. Enter a password to download the Device Recovery Keys.
f. Copy the Device Recovery Keys to a location where it can be accessed when booted into WinPE.
Obtain the Recovery File - Locally Managed Computer
To obtain the Encryption Personal recovery file: 1. Locate the recovery file named LSARecovery_ .exe file. This file was stored on a network drive or
removable storage when you went through Setup Wizard while installing Encryption Personal.
Policy-Based or File/Folder Encryption Recovery
7
2. Copy LSARecovery_ .exe to the target computer (the computer to recover data).
Perform a Recovery
1. Using the bootable media created earlier, boot to that media on a recovery system or on the device with the drive you are attempting to recover. A WinPE Environment opens. NOTE: Disable SecureBoot before the recovery process. When finished, re-enable SecureBoot.
2. Enter x and press Enter to get a command prompt.
3. Navigate to the recovery file and launch it.
8
Policy-Based or File/Folder Encryption Recovery
4. Select one option: ● My system fails to boot and displays a message asking me to perform SDE Recovery. This will allow you to rebuild the hardware checks that the Encryption client performs when you boot into the OS.
● My system does not allow me to access encrypted data, edit policies, or is being reinstalled. Use this if the Hardware Crypto Accelerator card or the motherboard/TPM must be replaced.
5. In the Backup and Recovery Information dialog, confirm that the information about the client computer to be recovered is correct and click Next.
When recovering non-Dell computers, the SerialNumber and AssetTag fields will be blank.
Policy-Based or File/Folder Encryption Recovery
9
6. In the dialog that lists the computer's volumes, select all applicable drives and click Next. Shift-click or control-click to highlight multiple drives. If the selected drive is not Policy-Based or FFE-encrypted, it will fail to recover.
7. Enter your recovery password and click Next.
With a remotely managed client, this is the password provided in step e in Obtain the Recovery File - Remotely Managed Computer.
In Encryption Personal, the password is the Encryption Administrator Password set for the system at the time the keys were escrowed.
10
Policy-Based or File/Folder Encryption Recovery
May 2022 Rev. A01
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2012-2022 Dell Inc. All rights reserved. Registered trademarks and trademarks used in the Dell Encryption and Endpoint Security Suite Enterprise suite of documents: Dell™ and the Dell logo, Dell Precision™, OptiPlex™, ControlVault™, Latitude™, XPS®, and KACE™ are trademarks of Dell Inc. Cylance®, CylancePROTECT, and the Cylance logo are registered trademarks of Cylance, Inc. in the U.S. and other countries. McAfee® and the McAfee logo are trademarks or registered trademarks of McAfee, Inc. in the US and other countries. Intel®, Pentium®, Intel Core Inside Duo®, Itanium®, and Xeon® are registered trademarks of Intel Corporation in the U.S. and other countries. Adobe®, Acrobat®, and Flash® are registered trademarks of Adobe Systems Incorporated. Authen tec® and Eikon® are registered trademarks of Authen tec. AMD® is a registered trademark of Advanced Micro Devices, Inc. Microsoft®, Windows®, and Windows Server®, Windows Vista®, Windows 7®, Windows 10®, Active Directory®, Access®, BitLocker®, BitLocker To Go®, Excel®, Hyper-V®, Outlook®, PowerPoint®, Word®, OneDrive®, SQL Server®, and Visual C++® are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. VMware® is a registered trademark or trademark of VMware, Inc. in the United States or other countries. Box® is a registered trademark of Box. Dropbox ℠ is a service mark of Dropbox, Inc. Google™, Android™, Google™ Chrome™, Gmail™, and Google™ Play are either trademarks or registered trademarks of Google Inc. in the United States and other countries. Apple®, App Store℠, Apple Remote Desktop™, Boot Camp™, FileVault™, iPad®, iPhone®, iPod®, iPod touch®, iPod shuffle®, and iPod nano®, Macintosh®, and Safari® are either servicemarks, trademarks, or registered trademarks of Apple, Inc. in the United States and/or other countries. EnCase™ and Guidance Software® are either trademarks or registered trademarks of Guidance Software. Entrust® is a registered trademark of Entrust®, Inc. in the United States and other countries. Mozilla® Firefox® is a registered trademark of Mozilla Foundation in the United States and/or other countries. iOS® is a trademark or registered trademark of Cisco Systems, Inc. in the United States and certain other countries and is used under license. Oracle® and Java® are registered trademarks of Oracle and/or its affiliates. Travelstar® is a registered trademark of HGST, Inc. in the United States and other countries. UNIX® is a registered trademark of The Open Group. VALIDITY™ is a trademark of Validity Sensors, Inc. in the United States and other countries. VeriSign® and other related marks are the trademarks or registered trademarks of VeriSign, Inc. or its affiliates or subsidiaries in the U.S. and other countries and licensed to Symantec Corporation. KVM on IP® is a registered trademark of Video Products. Yahoo!® is a registered trademark of Yahoo! Inc. Bing® is a registered trademark of Microsoft Inc. Ask® is a registered trademark of IAC Publishing, LLC. Other names may be trademarks of their respective owners.
Contents
Chapter 1: Getting Started with Recovery..................................................................................... 5 Contact Dell ProSupport for Software.......................................................................................................................... 5
Chapter 2: Policy-Based or File/Folder Encryption Recovery.........................................................6 Perform System Data Encryption or FFE Recovery................................................................................................... 6 Overview of the Recovery Process.......................................................................................................................... 6 Obtain the Recovery File - Policy-Based Encryption or FFE Encryption Client............................................. 6 Obtain the Recovery File - Locally Managed Computer.......................................................................................7 Perform a Recovery...................................................................................................................................................... 8 Encrypted Drive Data Recovery......................................................................................................................................11 Recover Encrypted Drive Data................................................................................................................................. 12
Chapter 3: Hardware Crypto Accelerator Recovery...................................................................... 16 Recovery Requirements................................................................................................................................................... 16 Overview of the Recovery Process...............................................................................................................................16 Perform HCA Recovery.................................................................................................................................................... 16 Obtain the Recovery File - Remotely Managed Computer................................................................................ 16 Obtain the Recovery File - Locally Managed Computer..................................................................................... 17 Perform a Recovery.....................................................................................................................................................18
Chapter 4: Self-Encrypting Drive (SED) Recovery....................................................................... 24 Recovery Requirements...................................................................................................................................................24 Overview of the Recovery Process.............................................................................................................................. 24 Perform SED Recovery....................................................................................................................................................24 Obtain the Recovery File - Remotely Managed SED Client.............................................................................. 24 Obtain the Recovery File - Locally Managed SED Client...................................................................................25 Perform a Recovery....................................................................................................................................................25 Challenge Recovery with SED..................................................................................................................................28
Chapter 5: Full Disk Encryption Recovery.................................................................................... 31 Recovery Requirements................................................................................................................................................... 31 Overview of the Recovery Process...............................................................................................................................31 Perform Full Disk Encryption Recovery........................................................................................................................31 Obtain the Recovery File - Full Disk Encryption Client....................................................................................... 31 Perform a Recovery....................................................................................................................................................32 Challenge Recovery with Full Disk Encryption..................................................................................................... 34
Chapter 6: Full Disk Encryption and Dell Encryption Recovery..................................................... 38 Recovery Requirements...................................................................................................................................................38 Overview of the Recovery Process.............................................................................................................................. 38 Perform Recovery of a Full Disk Encrypted and Dell Encrypted Disk.................................................................. 38 Obtain the Recovery File - Full Disk Encryption Client...................................................................................... 38 Obtain the Recovery File - Policy-Based Encryption or FFE Encryption Client...........................................39 Perform a Recovery....................................................................................................................................................40
Contents
3
Challenge Recovery with Full Disk Encryption..................................................................................................... 42
Chapter 7: PBA Device Control.................................................................................................... 46 Use PBA Device Control..................................................................................................................................................46
Chapter 8: General Purpose Key Recovery................................................................................... 47 Recover the GPK...............................................................................................................................................................47 Obtain the Recovery File........................................................................................................................................... 47 Perform a Recovery....................................................................................................................................................48
Chapter 9: BitLocker Manager Recovery..................................................................................... 50 Recover Data..................................................................................................................................................................... 50
Chapter 10: Password Recovery.................................................................................................. 52 Recovery Questions..........................................................................................................................................................52
Chapter 11: Encryption External Media Password Recovery......................................................... 55 Recover Access to Data..................................................................................................................................................55 Self-Recovery.....................................................................................................................................................................57
Chapter 12: Appendix A - Download the Recovery Environment................................................... 59
Chapter 13: Appendix B - Creating Bootable Media...................................................................... 60 Burning the Recovery Environment ISO to CD/DVD............................................................................................... 60 Burning the Recovery Environment on Removable Media......................................................................................60
4
Contents
1
Getting Started with Recovery
This section details what is needed to create the recovery environment. ● CD-R, DVD-R media, or formatted removable media
○ If burning a CD or DVD, review Burning the Recovery Environment ISO to CD/DVD for details. ○ If using removable media, review Burning the Recovery Environment on Removable Media for details. ● Recovery Bundle for failed device ○ For remotely managed clients, instructions that follow explain how to retrieve a recovery bundle from your Dell Security
Management Server. ○ For locally managed clients, the recovery bundle package was created during setup on either a shared network drive or
on external media. Please locate this package before proceeding.
Contact Dell ProSupport for Software
Call 877-459-7304, extension 4310039 for 24x7 phone support for your Dell product. Additionally, online support for Dell products is available at dell.com/support. Online support includes drivers, manuals, technical advisories, FAQs, and emerging issues. Be sure to help us quickly connect you to the right technical expert by having your Service Tag or Express Service Code available when you call. For phone numbers outside of the United States, see Dell ProSupport for Software international phone numbers.
Getting Started with Recovery
5
2
Policy-Based or File/Folder Encryption Recovery
Recovery is needed when the encrypted computer will not boot to the operating system. This occurs when the registry is incorrectly modified or hardware changes have occurred on an encrypted computer. With Policy-Based Encryption or File/Folder Encryption (FFE) recovery, you can recover access to the following: ● A computer that does not boot and that displays a prompt to perform SDE Recovery. ● A computer displays BSOD with a STOP Code of 0x6f or 0x74. ● A computer on which you cannot access encrypted data or edit policies. ● A server running Dell Encryption that meets either of the preceding conditions. ● A computer on which the Hardware Crypto Accelerator card or the motherboard/TPM must be replaced.
NOTE: Hardware Crypto Accelerator is not supported, beginning with v8.9.3.
Perform System Data Encryption or FFE Recovery
Follow these steps to perform System Data Encryption recovery.
Overview of the Recovery Process
NOTE: For Dell Servers running v10.2.8 and earlier, recovery requires a 32-bit environment. Dell Servers running v10.2.9 and later provide 32-bit and 64-bit recovery bundles. To recover a failed system: 1. Burn the recovery environment onto a CD/DVD or create a bootable USB. See Appendix A - Burning the Recovery Environment. 2. Obtain the Recovery file. 3. Perform the recovery.
Obtain the Recovery File - Policy-Based Encryption or FFE Encryption Client
Obtain the recovery file. The recovery file can be downloaded from the Management Console. To download the Disk Recovery Keys generated when you installed Dell Encryption: a. Open the Management Console and, from the left pane, select Populations > Endpoints. b. Enter the hostname of the endpoint, then click Search. c. Select the name of the endpoint. d. Click Device Recovery Keys.
6
Policy-Based or File/Folder Encryption Recovery
e. Enter a password to download the Device Recovery Keys.
f. Copy the Device Recovery Keys to a location where it can be accessed when booted into WinPE.
Obtain the Recovery File - Locally Managed Computer
To obtain the Encryption Personal recovery file: 1. Locate the recovery file named LSARecovery_
removable storage when you went through Setup Wizard while installing Encryption Personal.
Policy-Based or File/Folder Encryption Recovery
7
2. Copy LSARecovery_
Perform a Recovery
1. Using the bootable media created earlier, boot to that media on a recovery system or on the device with the drive you are attempting to recover. A WinPE Environment opens. NOTE: Disable SecureBoot before the recovery process. When finished, re-enable SecureBoot.
2. Enter x and press Enter to get a command prompt.
3. Navigate to the recovery file and launch it.
8
Policy-Based or File/Folder Encryption Recovery
4. Select one option: ● My system fails to boot and displays a message asking me to perform SDE Recovery. This will allow you to rebuild the hardware checks that the Encryption client performs when you boot into the OS.
● My system does not allow me to access encrypted data, edit policies, or is being reinstalled. Use this if the Hardware Crypto Accelerator card or the motherboard/TPM must be replaced.
5. In the Backup and Recovery Information dialog, confirm that the information about the client computer to be recovered is correct and click Next.
When recovering non-Dell computers, the SerialNumber and AssetTag fields will be blank.
Policy-Based or File/Folder Encryption Recovery
9
6. In the dialog that lists the computer's volumes, select all applicable drives and click Next. Shift-click or control-click to highlight multiple drives. If the selected drive is not Policy-Based or FFE-encrypted, it will fail to recover.
7. Enter your recovery password and click Next.
With a remotely managed client, this is the password provided in step e in Obtain the Recovery File - Remotely Managed Computer.
In Encryption Personal, the password is the Encryption Administrator Password set for the system at the time the keys were escrowed.
10
Policy-Based or File/Folder Encryption Recovery