Recovery procedure to reset FRP encrypted removable media and recover data from optical media devices.
User client-side actions:
- When users forget their authentication credentials, to initiate recovery, they can either:
- Click Forgot Password on the Authentication window.
OR
- Click Recover media under the Removable Media section from the FRP client console (Windows clients only).
A challenge code (with the phonetics) is displayed to the user, with a recovery message that is customizable by the Administrator.
- The user can now contact the helpdesk with the challenge code.
Administrator server-side actions:
As an ePO user, your FRP Recovery permission set must be set to Manage Recovery to generate a response code for users.
- In ePO, click Menu, Data Protection, FRP Recovery.
- Depending on the type of media to be recovered, select one of the following:
- Removable Media Recovery
OR
- Optical Media Recovery
- In the Challenge Code field, enter the code provided by the user.
The system starts to automatically match/filter with the known entries once 12 characters have been entered to quicken the recovery process. It is also possible to speed up the lookup by selecting vendor and product filters with removable media recovery.
NOTES: For the client recovery information to be available on ePO, the following must happen at the client:
- The events have to be generated at the time of initialization. This action applies to both removable or optical media devices.
- The events sent and processed by ePO.
- The above automatically occurs at the next client agent-to-server communication (ASCI).
- Once a match of the Challenge Code with the available database has been established, the following details are displayed:
- User name (user who initialized the device)
- Device size
- Last access time
The above help in verification of the caller’s identity.
- Click Recover. A response code is generated. Read out the response code to the user.
NOTES:
- Depending on the type of media and the applied policy, the user might be asked to reset the authentication credentials after entering the response code.
- For Removable Media Recovery, users are asked to reset their authentication credentials to complete the recovery process.
- For Optical Media Recovery, the media is unlocked to enable data recovery.
An ePO Audit log is generated with details of the ePO user or administrator who generated the Response Code. With the user for whom the code was generated. An event is also generated for
Recovery /
Credential Change when the operation is performed on an FRP client.
NOTE: The event for
Recovery /
Credential Change on FRP client was introduced in FRP 5.0.1, and is generated only for FRP Windows clients.
