Skip navigation
Currently Being Moderated

How to recover encrypted data in case of a forgotten password in LANDesk Device Control

VERSION 6  Click to view document history
Created on: Jan 21, 2010 11:45 AM by Dave Holland - Last Modified:  Mar 16, 2013 8:25 AM by Dave Holland

In order to recover encrypted data if the password is lost in LANDesk Device Control 9, appropriate steps must be taken during the creation of the archive, and then steps taken to recover the data later if the password is lost.

 

Creating an encrypted archive on the client computer

 

1. Run the LANDesk Encryption Utility on the client computer by selecting it from the "LANDesk  Management" group in the Start Menu.

2. Within the LANDesk Encryption Utility select the "Advanced" menu and choose "New Encrypted Folder"

3. Enter a password to be applied to the encrypted folder.  Enter the password a 2nd time for verification.

4. Check the box marked "Allow administrator to recover your data if you forget your password"

         (IMPORTANT: If this box is not selected, recovery of the data will not be possible)

5. Enter your name or other identifier for the Administrator to view during the recovery process.

 

Note: If after these steps, the OK button is still greyed out, the passwords entered in step 3 do not match, or not meet the complexity requirements.  (Password complexity requirements are that the password must contain at least six characters, contain an upper and lowercase letter, and include a number or a special character.   For example "Landesk1 or LAN_Desk*".

 

Recovering the encrypted data

 

In order to recover the encrypted password, the following steps must be taken:

 

End User on the client computer:

 

1. Run the LANDesk Encryption Utility on the client computer by selecting it from the "LANDesk  Management" group in the Start Menu.

2. Under the "Advanced" menu select "Open Encrypted Folder" and then browse to the encrypted folder archive file (.LDZ extension) and select "Open"

3. The user will be presented with the "Enter Password" dialog box.

4. Select the "Reset Password" button.

5. In the "Password Reset Options" dialog, select "Create Password Reset Request file"

6. A "Save As" dialog will be presented.   Enter the desired name of the Password Reset Request file and save to the chosen location.

7. Send the .Request file to the LANDesk Administrator with details of the request and a link to this Community Article.  This can be done via e-mail or any other preferred method of file transfer.

 

LANDesk Administrator on the Core Server

 

1. From a Command Prompt, navigate to the C:\Program Files\LANDesk\Shared Files folder

2. Run "EncUnlock <.request file name>.  The unlock utility will state "The person entitled to receive this file previously identified themselves as: <Name entered in Creating an Encrypted Archive - Step 5>

3. A file "<originalfilename.request>.unlocked" will be created.

 

*IMPORTANT* this .unlocked file effectively disables all security associated with the encrypted directory, so it should be treated as such.  The moment this file is created, the encrypted directory is effectively compromised permanently.  This .unlocked file should be treated like a secret password and delivered back to the user as securely as possible.

 

4. This file should be sent to the end user with the following instructions:

 

End User on the client computer:

 

1. Run the LANDesk Encryption Utility on the client computer by selecting it from the "LANDesk  Management" group in the Start Menu.

2. Under the "Advanced" menu select "Open Encrypted Folder" and then browse to the encrypted folder archive file (.LDZ extension) and select "Open"

3. The user will be presented with the "Enter Password" dialog box.

4. Select the "Reset Password" button.

5. In the "Password Reset Options" dialog, select "Use Password Reset file"

6. Browse to the ".unlocked" file and click "Open".

7. The End User will be prompted to set a new password for the encrypted archive.

(Note: The same password complexity requirements still apply: The password must be at least 6 characters long and contain three of the four items: Upper case letters, Lower case letters, Digits (0-9), Special Characters ($#@!, etc.))

8. The user should immediately copy all files out of the encrypted directory and then delete the encrypted directory, because it is now permanently compromised.

9. The user should create a brand new encrypted directory and copy all files (that he/she copied out in the previous step) into the new one.

 

Note: The encryption utlity will only work from the core server that the client was installed from.   The EncUnlock utility by itself cannot generate unlocks.

Comments (1)
LANDESK Community powered by Jive SBS® 4.5.7.1  |  Legal Notices  |  Privacy Policy  |  Icon 

TweeterOn Twitter  |  Icon FacebookOn Facebook © 2007 LANDESK Software