Setting up your Symantec Endpoint Encryption account with Specops Key Recovery

Specops Key Recovery requires access to the Symantec Endpoint Encryption Help Desk, in order to recover devices locked by Symantec Endpoint Encryption, or BitLocker (managed by Symantec Endpoint Encryption).

To access the Symantec Endpoint Encryption Help Desk WebConsole, Specops Key Recovery needs the credentials for an account with access to the Help Desk part of Symantec Endpoint Encryption.

It is recommended that a new user is created in Active Directory. This user essentially allows Specops Key Recovery to recover locked computers. This account must have an secure password, as it will never be used to manually access the Symantec Endpoint Encryption Help Desk. The password and username will be encrypted and stored on each Specops Gatekeeper, and is only used by this service.

  1. Create a new user in Active Directory (so that Specops Key Recovery can access the Help Desk) and name it SpecopsKeyRecoveryUser.
  2. Open SEEMS Configuration Manager. This can be found on the server where you installed Symantec Endpoint Encryption.
  3. Under Server Roles, add the newly created Active Directory user. As this user will only access the Help Desk part of the product, it should only be granted the ‘Help Desk’ permission. Leave all other permissions unselected.
  4. Enter the credentials for this user in the setup wizard.