Regenerate Encryption Recovery Key
Learn how to regenerate the encryption recovery key for Windows or macOS devices.
About this task
On Mac devices, the end user will be prompted by a small utility to enter the username and password of a privileged user in order for regeneration of the recovery key to occur.
To retrieve escrowed recovery keys, operator or support person must log in directly to the Vault server interface (if you have set up Vault with the provided Fixlet, you can use the read user that was created). The 'bigfix' secret engine contains the recovery keys. Recovery keys are stored with identifiers based on the BigFix computer ID, computer name and last logged in user and can be searched in the Vault interface. The name of the entry in Vault has these values as of the time the recovery key was escrowed.
To regenerate full disk encryption recovery key, complete these steps.Procedure
- From WebUI, click
- On the Modern Client Management page, click Action
-
On the available list of actions, click Regenerate Encryption
Recovery Key.
- On the following page, click Edit Devices to select the target Windows or macOS devices.
- Review your selection and click Deploy.