Note: This feature will be unavailable if your license doesn't include Full Disk
Challenge/Response helps users who cannot log on to their computers or access encrypted
data. During the Challenge/Response procedure, the user provides a challenge code generated on the endpoint
computer to the help desk officer. The help desk officer then generates a response code that authorizes the
user to perform a specific action on the computer.
For users to be able to recover access with
Challenge/Response, the following prerequisites must be fulfilled:
- Challenge/Response needs to be enabled for endpoint computers in a full disk encryption policy.
- If you use role-based administration, you must have the right Remediation - encryption
recovery. For more information, see About roles and sub-estates.
- If the user has forgotten their password, you must reset it in the Active Directory before
generating the response code.
- If the user cannot log on because the Power-on Authentication is corrupt, make sure that the key
recovery file is exported and available in the user environment to initiate the Challenge/Response
procedure, see Export key recovery file.
Access to the endpoint computer is recovered.