Restore Expired Drive Encryption Account Without Recovery
We have a number of systems where we currently have Drive Encryption Preboot Authentication Disabled but the drives are encrypted. We now want to enable PBA on these systems but the user accounts on them are expired because the users never set passwords on their accounts. We have the "Expire users who do not login" option enabled in the DE password policy.
Is there a way where we can unexpire these accounts, without using an Administrative recovery, so that users would be able to use the temporary password to set up their account? If that is not the case, is there a way that we could effectively delete the account from the workstation or ePO, while leaving the drive encrypted, so that the account would resync and allow the user to perform their account setup?
Effectively we are trying to avoid having to do Administrative recoveries on 30+ machines just so that the end user can set up their DE account before we enable PBA.
Re: Restore Expired Drive Encryption Account Without Recovery
It sounds like you want to reset these users' tokens so that upon next login through PBA it will act like they are setting up for the first time and ask to set the password. To do this, you can run the query DE: Users to list all DE users, find the user and check the box, then click Actions, Drive Encryption, Reset Token. Typing that from memory so it may be off.