Btw, I've been reading up and saw that we can use DETech to recover systems. So would that mean that it is ok for me to disable both the self-recovery and admin recovery option on the ePO console? I want the recovery process to be more secure, ie: I dont want any imposters to be doing the recovery on the client PC and gain access to the PC.
You can't do admin recovery without epo access, and of course a detech recovery also requires epo access, so there really no point disabling admin recovery..
It provides the following functionalitiy:
- Reset User Password (without communication with ePO via the OS)
- Emergency Boot (using a IDE redirection)
- Restore MBR
- Automatic unlock using CILA and CIRA
- Permanent or for x number of times.
Also please be aware that the a mobile app callled McAfee Endpoint Assistant was also release for IOS and Android wint McAfee Drive Encryption 7.1. This will allow a user to recovery there password without any interaction with the ePO server.
Take a look at the following link https://www.youtube.com/watch?v=k1LhoagIlC8
Hope that helps.