Obtaining a recovery key
Users are prompted to enter the recovery key:
- Windows: When the user has lost their PIN/passphrase/USB device, or the Trusted Platform Module (TPM) chip detects a change in the computer boot sequence.
- macOS: When the user has lost their login password, or a change is detected in the computer boot sequence.
Cytomic Encryption stores the recovery keys for all encrypted computer drives that it manages. Therefore, you can obtain these recovery keys through the web management console. To obtain a recovery key, you need the following data, depending on the operating system installed on the computer:
- Windows: You need the recovery key ID. The recovery key ID is a unique 40-digit string associated with each encrypted drive.
- macOS: You need the ID of the recovery key associated with the computer. The same recovery key is used for all drives on a Mac computer.
Required permissions
Permission | Access type |
---|---|
Access recovery keys for encrypted drives | To obtain and find the recovery key for an encrypted drive. |
Obtaining the recovery key ID for an encrypted drive (Windows computers)
When a user makes repeated attempts to enter an incorrect PIN or password while the device boots up, they are prompted to enter a BitLocker recovery key.
Press ESC to access the screen that shows the recovery key ID for the encrypted drive.
In the case of a recovery key ID for an encrypted partition, the screen shows only the first eight digits of the recovery key ID.
For more information about the encryption of drives on computers, see section Encryption and decryption on Windows computers.
Obtaining the ID of the recovery key associated with a computer (macOS computers)
When you try to access an encrypted computer, the login screen shows a message that contains the ID of the recovery key associated with the computer. The screen also recommends that you contact the encryption settings administrator.
Obtaining a recovery key
- From the top menu, select Computers. Select the computer you want to obtain the recovery key for.
- On the Details tab, Data protection section, click the Get recovery key link. To obtain a removable drive recovery key, click View encrypted devices on this computer.
  The Get recovery key dialog box opens and shows the IDs of the encrypted drives on the computer.
- Click the encrypted drive ID of the key you want to recover. The Get recovery key dialog box opens.
- Click Copy recovery key and send it to the user.
Finding a recovery key
If the user has visibility of all the computers in an account, the search results also include the IDs of drives on computers that were deleted.
Finding a recovery key from the Encrypted Computers widget
- From the top menu, select Status. From the side menu, select Full Encryption.
- In the Encrypted Computers widget, click Recovery key search.
- Type the ID of the recovery key you want to find. The recovery key that the user can use to unlock the encrypted drive is shown.
- In the case of a recovery key ID for an encrypted partition, enter the first eight digits. The recovery key that the user can use to unlock the encrypted disk partition is shown.
  If the first eight digits of a recovery key are the same for more than one key, all keys appear in the search results.
Finding a recovery key from the Computer Details page
- From the top menu, select Computers. Select the computer you want to find the recovery key for.
- On the Details tab, Data protection section, click the Get recovery key link. To obtain a removable drive recovery key, click View encrypted devices on this computer.
  The Get recovery key dialog box opens and shows the IDs for all encrypted drives on the computer.
- To find another recovery key, click Find another key.