Showing results for 
Search instead for 
Did you mean: 
Level 7

Allowing help tech technicians to troubleshoot encrypted machines

Hi all.  I have a quick question.

We are rolling out EEPC (v.6.2) to our userbase.  We have tiered helpdesk system.  IT Security is responsible for encrypting the machines and setting the policies.  For main Windows issues (Windows 7), etc, we have a helpdesk.

My question is this:  What do I do when a user is having a Windows issue with their encrypted laptop and the helpdesk needs to log in and work on it?  Do they have to get the user's username/password to get them through the pre-boot (my users are set up for SSO so the pre-boot EEPC and the Active Directory network login are synced) and on to the machine?  And what if the user doesnt have enough rights to their machine to fix their issue?  Can a helpdesk person login with their own credentials and get in?  Is there a way for the user to enter the pre-boot stuff but then "break" the boot sequence so that the helpdesk tech can then log in as themselves into Windows?

I know how to do the break to get Windows booted in safe mode, but that's it.

I hope this makes sense.  I really need a answer-- sooner rather than later.

Any and all help is appreciated.

Thank you.


0 Kudos
1 Reply
Level 10

Re: Allowing help tech technicians to troubleshoot encrypted machines

Technicians need to be maped to the machine as well or other alternative for technicians to get SDB file... exported key from manager to decrypt or troubleshoot the issue.

Technically the key for encryption/decryption stored in 2 places

- 1. SBFS - inside the disk itself.. which protected by username & password..

- 2 . Endpoint Encryption Manager..

0 Kudos