For UEFI endpoints that meet certain requirements, SafeGuard Enterprise offers Challenge/Response for recovery. Users have to provide the challenge code that is displayed on the BitLocker recovery screen and in return get a response to be entered in the recovery screen.

On UEFI endpoints that do not fulfill the requirements, SafeGuard BitLocker management without Challenge/Response is installed automatically. To recover these endpoints, see Recovery with BitLocker recovery key ID and Recovery key for SafeGuard Enterprise endpoints below version 7.

- In the SafeGuard Management Center, select to open the Recovery Wizard.
- On the Recovery type page, select SafeGuard Enterprise Client (managed).
- Under Domain, select the required domain from the list.
- Under Computer, enter or select the required computer name. There are several ways to do so:
  - To select a name, click [...]. Then click Find now. A list of computers is displayed. Select the required computer and click OK. The computer name is displayed on the Recovery type page.
  - Type the short name of the computer directly into the field. When you click Next, the database is searched for this name. If it is found, the distinguished computer name is displayed.
  - Enter the computer name directly in the distinguished name format, for example:
    CN=Desktop1,OU=Development,OU=Headquarter,DC=Sophos,DC=edu
- Click Next.
- Select the volume to be accessed from the list and click Next.
- Click Next.
  A page is displayed where you can enter the challenge code.
- Enter the challenge code the user has passed on to you and click Next.
- A response code is generated. Provide the response code to the user. A spelling aid is provided. You can also copy the response code to the clipboard.

The user can enter the response code and get access to the endpoint.