Export key recovery file

If you use role-based administration, you must have the right Global encryption settings.

For more information, see About roles and sub-estates.

The key recovery file is used to initiate the Challenge/Response procedure on the endpoint computer when the Power-on Authentication is corrupt and the user cannot log on to the computer. The key recovery file must be exported. To initiate a Challenge/Response procedure when the Power-on authentication is corrupt, see the Sophos Disk Encryption tools guide.

To export the key recovery file:

  1. On the Tools menu, click Manage encryption and select Export key recovery file.
  2. Select a location for the key recovery file *.TOK.
  3. Make the key recovery file available to the help desk.