Restoring access to a drive protected by Kaspersky Disk Encryption technology
If a user has forgotten the password for accessing a hard drive protected by Kaspersky Disk Encryption technology, you need to start the recovery procedure (Request-Response). You can also use the service account to gain access to the hard drive if this feature is enabled in disk encryption settings.
Restoring access to the system hard drive
Restoring access to a system hard drive protected by Kaspersky Disk Encryption technology consists of the following steps:
- The user reports the request blocks to the administrator (see the figure below).
- The administrator enters the request blocks into Kaspersky Security Center, receives the response blocks and reports the response blocks to the user.
- The user enters the response blocks in the Authentication Agent interface and obtains access to the hard drive.
Figure: Restoring access to a system hard drive protected by Kaspersky Disk Encryption technology
To start the recovery procedure, the user needs to click the Forgot your password button in the Authentication Agent interface.
How to obtain response blocks for a system hard drive protected by Kaspersky Disk Encryption technology in the Administration Console (MMC)
- Open the Kaspersky Security Center Administration Console.
- In the Managed devices folder in the Administration Console tree, open the folder with the name of the administration group to which the relevant client computers belong.
- In the workspace, select the Devices tab.
- On the Devices tab, select the computer of the user requesting access to encrypted data and right-click to open the context menu.
- In the context menu, select Grant access in offline mode.
- In the window that opens, select the Authentication Agent tab.
- In the Encryption algorithm in use block, select an encryption algorithm: AES56 or AES256.
The data encryption algorithm depends on the AES encryption library that is included in the distribution package: Strong encryption (AES256) or Lite encryption (AES56). The AES encryption library is installed together with the application.
- In the Account drop-down list, select the name of the Authentication Agent account of the user who requested recovery of access to the drive.
- In the Hard drive drop-down list, select the encrypted hard drive for which you need to recover access.
- In the User request block, enter the request blocks dictated by the user.
As a result, the Access key field displays the response blocks for the user's request to recover the user name and password of an Authentication Agent account. Convey the contents of the response blocks to the user.
Figure: Granting access in offline mode
How to obtain response blocks for a system hard drive protected by Kaspersky Disk Encryption technology in the Web Console
- In the main window of the Web Console, select Devices → Managed devices.
- Select the check box next to the name of the computer whose drive you want to restore access to.
- Click the Grant access to the device in offline mode button.
- In the window that opens, select the Authentication Agent section.
- In the Account drop-down list, select the name of the Authentication Agent account created for the user who is requesting recovery of the Authentication Agent account name and password.
- Enter the request blocks conveyed by the user.
The response blocks for the user's request to recover the user name and password of the Authentication Agent account are displayed at the bottom of the window. Convey the contents of the response blocks to the user.
After completing the recovery procedure, the Authentication Agent will prompt the user to change the password.
Restoring access to a non-system hard drive
Restoring access to a non-system hard drive protected by Kaspersky Disk Encryption technology consists of the following steps:
- The user sends a request access file to the administrator.
- The administrator adds the request access file to Kaspersky Security Center, creates an access key file and sends the file to the user.
- The user adds the access key file to Kaspersky Endpoint Security and obtains access to the hard drive.
To start the recovery procedure, the user needs to attempt to access a hard drive. As a result, Kaspersky Endpoint Security will create a request access file (a file with the KESDC extension), which the user needs to send to the administrator, for example, by email.
How to obtain an access key file for an encrypted non-system hard drive in the Administration Console (MMC)
- Open the Kaspersky Security Center Administration Console.
- In the Managed devices folder in the Administration Console tree, open the folder with the name of the administration group to which the relevant client computers belong.
- In the workspace, select the Devices tab.
- On the Devices tab, select the computer of the user requesting access to encrypted data and right-click to open the context menu.
- In the context menu, select Grant access in offline mode.
- In the window that opens, select the Data Encryption tab.
- On the Data Encryption tab, click the Browse button.
- In the window for selecting a request access file, specify the path to the file received from the user.
You will see information about the user's request. Kaspersky Security Center generates a key file. Email the generated encrypted data access key file to the user, or save the access key file and transfer it by any available method.
Figure: Granting access in offline mode
How to obtain an encrypted non-system hard drive access key file in the Web Console
- In the main window of the Web Console, select Devices → Managed devices.
- Select the check box next to the name of the computer whose data you want to restore access to.
- Click the Grant access to the device in offline mode button.
- Select Data Encryption.
- Click the Select file button and select the request access file that you received from the user (a file with the KESDC extension).
The Web Console will display information about the request. This will include the name of the computer on which the user is requesting access to the file.
- Click the Save key button and select a folder to save the encrypted data access key file (a file with the KESDR extension).
As a result, you will be able to obtain the encrypted data access key, which you will need to transfer to the user.