Showing results for 
Search instead for 
Did you mean: 
Level 7

Disabling Admin Recovery and Self-Recovery

Hi everyone,

I would like to ask what would happen should a user need recovery if I were to disable both the admin recovery and self-recovery option in the policy assigned to their system. Is there an alternative recovery method I could do at the ePO side?

Your help will be greatly appreciated.



0 Kudos
3 Replies
Level 7

Re: Disabling Admin Recovery and Self-Recovery

Btw, I've been reading up and saw that we can use DETech to recover systems. So would that mean that it is ok for me to disable both the self-recovery and admin recovery option on the ePO console? I want the recovery process to be more secure, ie: I dont want any imposters to be doing the recovery on the client PC and gain access to the PC.

0 Kudos
Level 21

Re: Disabling Admin Recovery and Self-Recovery

You can't do admin recovery without epo access, and of course a detech recovery also requires epo access, so there really no point disabling admin recovery..

0 Kudos
Level 12

Re: Disabling Admin Recovery and Self-Recovery

If you have Intel AMT systems, then it might be worth taking a look at McAfee Deep Command and Drive Encryption : Out Of Band Management


It provides the following functionalitiy:

  • Reset User Password (without communication with ePO via the OS)
  • Emergency Boot (using a IDE redirection)
  • Restore MBR
  • Automatic unlock using CILA and CIRA
    • Permanent or for x number of times.

Also please be aware that the a mobile app callled McAfee Endpoint Assistant was also release for IOS and Android wint McAfee Drive Encryption 7.1.  This will allow a user to recovery there password without any interaction with the ePO server.

Take a look at the following link

Hope that helps.

0 Kudos