We are using the FRP 5.10 ePO extension. Our one and only Grant Key policy grants a single regular key to the FRP clients. However, we are seeing that the FRP clients are also using the personal key of the logged on user.
It looks to me as if personal keys are always provisioned to the clients even if there is no corresponding policy. Is this correct? Or, is there a way to disable the provisioning of the personal keys while keeping them enabled und FRP keys / Settings?
1st unload all the personal keys from Grant Key policy or role.
ClickMenu→Data Protection→FRP keys.
Select the user personal key, then clickActions→Edit Key.
User Personal Key details is usually used for recovery purpose by End-users.
User Personal Keys
These keys are generated and managed centrally in ePO.
They are generated at the time a user requests a key from ePO.
The User Personal Key is unique to each user. There is one User Personal Key created for each user that requests it. Thus, data encrypted with the User Personal Key can't be read by others, or shared with others.
The key is unique to one user, and assigned only to that user.
The Key Administrator can locate a User Personal Key in ePO, and if needed, change its attribute to be a generally available key. The Key Administrator can then assign other users to that specific User Personal Key. Which is a typical use case when a User Personal Key is used as an FRP Recovery Key.
By granting an Auditor, or Forensics Agent access to a user’s User Personal Key, it is possible to read data off that user’s removable devices. Do not confuse User Personal Keys with User Local Keys. It is assumed the Removable Media Protection policy states it is the Recovery key.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.