
EFDE in ESMC: Workstation ID


Markwd


Hello,

I am missing some options in ESMC that would allow me to quickly find the Workstation ID of a device through the ESMC console.

As far as I can see, the only option for this is to use Help - Encryption Recovery.

It would be nice if you could also see the Workstation ID under Computer Details or (even maybe better) see the Workstation ID as a column row in the Computers overview in ESMC.

 

At this moment when I log in with an account that has limited rights (on just one Static Group for example) I cannot use the Encryption Recovery option under Help, although I have set the Encryption Recovery Read and Use Rights in the Permission Set of that account.

 

Any thoughts on this?

Edited by Markwd

  • ESET Staff

Could you please provide more details of why you would need to have access to the Workstation ID? As you mentioned, it is currently used only as a backup for recovery in case it is not possible to recover the device from data provided in client details - in other words, it is supposed to be a fallback for cases where the client is no longer managed in ESMC or the hardware was changed (i.e. disk moved to a different device).

9 hours ago, Markwd said:

At this moment when I log in with an account that has limited rights (on just one Static Group for example) I cannot use the Encryption Recovery option under Help, although I have set the Encryption Recovery Read and Use Rights in the Permission Set of that account.

This is currently intentional due to security. Searching recovery data bypasses the standard security mechanisms used in ESMC, which are based on the static group hierarchy, and thus access to this "fallback" for recovery is available only for users who have access to all devices, and thus leak of data to non-privileged users is not used. We will probably reconsider this approach if suitable solutions are found, without risk of leaking data or losing access to recovery data.


Hello MartinK,

 

Thank you for your response.

 

In case a user does not know their preboot password anymore, we need to identify which workstation the user is working on at that moment. As the user does not know their preboot password (for whatever reason), he/she does not have access to the Windows Operating System to provide us unique details of the workstation (such as Computername or IP address). The only unique point of recognition I can find in the preboot login page is the Workstation ID.

In our EEE (Deslock) environment we use this all the time to match the workstation the user is dealing with, with the device in the EEE Server environment.

 

This is also described as part of the procedure for decrypting an FDE disk in KB7150:

https://support.eset.com/en/kb7150-remove-eset-endpoint-encryption-from-a-workstation

(Verify that the WorkstationID value displayed matches the Workstation ID on the client. How do I find my Workstation ID?)

(I was almost certain at some point this was also described as part of the password recovery procedure, but I cannot find this anymore).

 

 

Also thank you for clarifying the usage of the Encryption Recovery option under Help. From my view this was the only point for matching the Workstation ID (and then from that point on do a Password Recovery). I can see from your point of view why this has been blocked.

 

 
