Flexible Security For Your Peace of Mind
  • Request Pricing
  • Blog
  • About
    • Company
    • Partners
    • Careers
    • News
  • English
  • Deutsch
  • Français
  • English
site logo
  • Products
    • Specops Password Policy Continuously block breached passwords from Active Directory & enforce compliance requirements
    • Specops Password Reset Enable users with our SSPR solution to securely reset their AD passwords & update local cached credentials off or on VPN
    • Specops Password Auditor Scan your AD for compromised passwords & other password vulnerabilities with this FREE tool
    • Specops Secure Access Add two-factor authentication to Windows logon, VPN connections, and RDP connections
    • Specops Secure Service Desk Enforce end-user identity verification at the service desk & prevent social engineering attacks
    • External Attack Surface Management (EASM) Enhance cyber resilience with real-time discovery, analysis, and monitoring of your entire attack surface.
    • More Products See the full product catalogue for Active Directory password management & end user authentication
  • Resources
    • Datasheets Downloadable datasheets with feature specifications for our products
    • Videos On-demand product videos and walkthroughs
    • Whitepapers Best practice guides for securing your Active Directory passwords
    • Case Studies Real-world examples of how businesses use our products
    • Reviews Product reviews from experts and customers
  • Support
  • Contact Us
    ×
  • Select language
  • Deutsch
  • Français
  • English
Datasheets

Specops Key Recovery Datasheet

Download PDF

Do you want users to unlock their computers without calling the helpdesk?

Contact Us

Specops Key Recovery is a self-service solution for unlocking computers encrypted by Microsoft BitLocker and Symantec Endpoint Encryption. A user who is locked out at the pre-boot authentication screen can use Specops Key Recovery to unlock their computer, without calling the helpdesk. For added security, users are verified with multi-factor authentication. The solution supports a number of authentication factors, including Duo Security, Symantec VIP, Okta, PingID and YubiKey.

To protect corporate data and address regulatory requirements, organizations are increasingly turning to endpoint encryption solutions. Encryption at the hardware level of a storage device, commonly referred to as full-disk encryption (FDE), protects confidential information from unauthorized access.

FDE solutions, such as BitLocker and Symantec Endpoint Encryption, create a pre-boot authentication environment that require a secret key when the computer is started, or when a lockout is triggered. Without a self-service recovery solution, FDE will drive calls to the helpdesk.

Features

BitLocker Alone BitLocker with Specops Symantec Endpoint Encryption Alone Symantec Endpoint Encryption with Specops
Self-service key recovery Yes (MBAM integrated with SCCM) Yes Yes Yes
Remote self-service key recovery No Yes No Yes
Multi-factor authentication No Yes (20+ identity providers) No (security questions) Yes (20+ identity providers)
Integration with self-service password reset No Yes, with Specops uReset No Yes, with Specops uReset

How does it work?

You can configure Specops Key Recovery by installing the Gatekeeper component in your organization’s corporate network. The Gatekeeper will access Symantec Endpoint Encryption and/or BitLocker to relay recovery keys for end users. The recovery key is encrypted inside the corporate network, and decrypted once it reaches the user’s device. Specops Key Recovery does not access sensitive resources from Symantec Endpoint Encryption, or BitLocker.

When a user attempts a self-driven key recovery, Specops Key Recovery will prompt the user to authenticate with the identity service(s) from their enrollment. The enrollment data is stored on a sub-object of their user account in the on-premises Active Directory.

What does it look like?

Admin Experience

Specops Key Recovery enhances security by extending multi-factor authentication to self-service key recovery. There are over 20+ identity services available to ensure that you can select the best options for your users, including ID service options that require no end-user enrollment action. Lifting the burden of end user enrollment ensures your rollout of Specops Key Recovery is quick and easy.

However, since not all identity services are equally secure, administrators can assign each identity service a trust value, based on their perceived level of security. The trust assignment is managed via stars, as shown in the administrator view to the left.

What does it look like for end users?

End user experience

After verifying their identity via the methods configured by their administrator, the end user can follow the steps on screen to finish the recovery key process, as shown here.

The simple interface (available in multiple languages) helps minimize encryption lockout calls to the service desk.

What people are saying


Really great product

 

“Overall, I think that Specops Key Recovery is a really great product that will go a long way toward helping organizations prevent BitLocker-related data loss.”
     – Brien Posey, Microsoft MVP, Techgenix review

Really impressed with the management portal and support

“I was impressed with Specops Key Recovery for BitLocker, the management portal, and the support I received.”
     – Robert Pearman, Microsoft MVP, 4sysops review

Get a Demo of Specops Key Recovery

Interested to see how Specops Key Recovery can work in your organization? Click here to start a key recovery demo or trial today.

  • Outpost24
  • Products
  • Resources
  • Support
  • Blog
  • About
  • Contact Us

© 2025 Specops Software. All rights reserved.

  • Privacy and Data Policy

This website uses cookies to ensure you get the best experience on our website. Learn more

Got It!