Unlock Computer
For users whose computers have been encrypted with Bitlocker or Symantec Endpoint Encryption, the service desk can assist in unlocking a locked computer. The service desk agent will be presented with a series of screens that will guide the user through the unlocking process and provide the response key required for unlocking the computer.
Unlocking the Computer
- Once the user’s identity has been verified (see Verify identity), click the Unlock computer tab.
- Choose the correct encryption software (Bitlocker or Symantec) according to what the user is running. For users running Symantec Endpoint Encryption, an additional choice has to be made depending on the type of Symantec:
  - Native Symantec Endpoint Encryption (recognizable by the last logon time indicated on the screen)
  - Symantec Endpoint Encryption for Bitlocker (user’s screen says Bitlocker Recovery)
  - Older versions of Symantec Endpoint Encryption (user’s screen says WDRT token)
- Depending on the type of encryption, a particular number has to be input by the service desk agent.
  - Native Symantec Endpoint Encryption: Sequence number
  - Symantec Endpoint Encryption for Bitlocker: Recovery Key ID
  - Older versions of Symantec Endpoint Encryption: Machine/Disk ID (UUID or DISKID)
  - Native Bitlocker: Recovery Key ID
- Choose how to relay the recovery key to the user. Note that multiple methods can be chosen. Check the desired method, or check none if the service desk agent chooses to only read the number to the user.
  - To user via email (the mail will be sent to the email address associated with the user in Active Directory)
  - To user via text message (the text will be sent to the mobile number associated with the user in Active Directory)
  - To manager via email (the mail will be sent to the manager associated with the user in Active Directory). This option is only visible if enabled in the settings; see the Enabling additional notification methods section below.
  - To manager via text (the text will be sent to the manager associated with the user in Active Directory). This option is only visible if enabled in the settings; see the Enabling additional notification methods section below.
  - To custom email. Use the dropdown to choose between different registered domains. This option is only visible if enabled in the settings; see the Enabling additional notification methods section below.
  - By reading it to the user.
- Click Continue; the service desk agent will be presented with a Recovery key. If none of the methods above (email or text message) was chosen, the number needs to be read to the user for them to input it on their computer.
Note
For users running native Symantec Endpoint Encryption, there will be a checksum code above the Recovery key field that can be used to verify that the user has entered the correct key into their computer (in which case the codes should match).
Enabling additional notification methods
In addition to the user's email and mobile phone, several additional notification methods can be enabled. This is especially helpful if the user's email and mobile number have not been configured in Active Directory. The following methods can be enabled:
- Send to manager (email and text message, if correctly configured in Active Directory)
- Send to custom email
- Select Service Desk in the left navigation.
- Click the Settings tab.
- Expand Key Recovery options.
- Check Enable sending the Recovery Key to managers to enable sending to a manager.
- Check Enable sending the Recovery Key to custom email addresses to enable sending to custom emails.
- Click Save.