- #SYMANTEC ENCRYPTION DESKTOP DECRYPT DRIVE HOW TO#
- #SYMANTEC ENCRYPTION DESKTOP DECRYPT DRIVE PASSWORD#
Select from the Workspace menu the option Decrypt Workspace to decrypt the read sectors in the memory.In the sector count section, type in the number of sectors that need to be read after the start sector.Usually sector 63 after decryption would show readable content. In the Load sector window enter the start sector to use for decryption in the workspace (memory), this can verify if the key is correct.From the menu Workspace select Load From Sectors.From the main menu click Workspace and select Open Workspace.From Select Machine, select the correct computer name.Select the computer's SDB file, then click OK.From the main menu click EEPC, then select Authenticate from Database.When prompted, type in the access code, then click OK.This loads the Endpoint Encryption interface. Start your computer with the BartPE CD/DVD.The knowledgebase article I have saved is no longer valid/available online. For Symantec/PGP whole disk encryption (perhaps depending on the version), you can use a recovery key file ("SDB" file) to decrypt using a boot cd.
#SYMANTEC ENCRYPTION DESKTOP DECRYPT DRIVE PASSWORD#
The "key sector" of the drive needs to have been recovered though for a password to work. In case of unmanaged SED, the WDRT token is generated when the encryption starts and is displayed in the window so end users are prompt to save it in a secure place.You do not need 100% of all sectors to decrypt most (or all?) encrypted drives. It is done by running the following command, assuming that "1QAZ2-WSX3E." is the token value: pgpwde -decrypt -disk 1 -recovery-token "1QAZ2-WSX3E-DC4RF-V5TGB-6YHN7-UJM" -aa Token can be taken from the Symantec Encryption Management Server (SEMS) console in case of managed Symantec Encryption Desktop (SED). It is possible to use also Whole Disk Recovery Token (WDRT) to decrypt the drive. You will notice that "lowwatermark" will be higher each time the command is executed:Ħ. The value next to "lowwatermark" indicates how many sectors have been decrypted so far, while "highwatermark" specifies how many sectors were originally encrypted. In order to see the decryption status, the command from step 2 needs to be run periodically. In the screenshot there were 2 attempts - the first one was incorrect password (error -11500), and the second was the correct one, so it can be used for decryption:ĥ. To do that, command pgpwde -auth -disk 0 -interactive needs to be executed. It is possible to check if the known passphrases are correct. It might happen, that the error will be displayed after executing the decrypt command (for example, if wrong passphrase was specified). Once the correct is inserted, the decryption process will start: Once this is executed, you will be prompted for passphrase. Next command to run is the decryption command: pgpwde -decrypt -disk 0 -interactive.
Check if there are users assigned to this disk - passphrase for any of that assigned user would be used for the decryption:Ĥ. Assuming that the affected drive is "0", run pgpwde -disk-status -disk 0 in order to see the status of the disk - is it encrypted, decrypted, instrumented:ģ. Run pgpwde -enum in order to check what is the disk number for the encrypted boot drive:Ģ. Once machine is booted from that iso, so you see the command-line window with the path "X:\windows\system32", follow the below steps:ġ.
#SYMANTEC ENCRYPTION DESKTOP DECRYPT DRIVE HOW TO#
How to Customize Windows PE 4.0 and above using Symantec Encryption Desktop 10.3.2 and PGPRecoveryGUI.exe Here is the document which describes in details the process of customizing the Windows PE: In order to be able to boot affected machine using the Recovery CD, you need to create first custom Windows PE iso, which can be then burned on CD.
0 kommentar(er)
