Mauricio Osorio 2 Posted June 3, 2022 Posted June 3, 2022 Hi guys A client of ours asks us if it is possible to disable password encryption, this is because he fears that a user encrypts information and it will be lost if the user does not provide the password or worse if he dies. Or if there is any way to recover that information in case the password is not found. How can i help my client?.
Mauricio Osorio 2 Posted June 14, 2022 Author Posted June 14, 2022 Hi guys, Any ideas about this?. Regards.
ESET Staff JPritchard 11 Posted June 14, 2022 ESET Staff Posted June 14, 2022 Hello Mauricio, Is the User's ESET Endpoint Encryption client (EEE) managed by an ESET Endpoint Encryption Server (EEES)? If so, the encryption keys and recovery data are available in the EEES for the Administrator to decrypt and access the computer and data if necessary. However, if the User has a standalone version of EEE installed, then only they know their key-file password and FDE Admin credentials. You may wish to discuss with them sharing these details, however this creates a security risk of sharing important passwords. If they are using a standalone version of EEE, then you may want to encourage the User to create a key-file backup and create a backup of their FDE Admin password file ('adminpassword.html'). This file will have been generated at the time they originally performed FDE on their computer. This file is most likely stored on a USB device already. For more details, see: KB7571 - Back up Key-File in ESET Endpoint Encryption As a side note, it is possible to 'adopt' standalone clients into an EEES, so perhaps consider upgrading/purchasing an EEES to provide the means of recovery in such cases. I hope this helps! Jay Pritchard Technical Support Engineer III / Encryption Support Team Lead Mauricio Osorio 1
Mauricio Osorio 2 Posted June 14, 2022 Author Posted June 14, 2022 Thanks for your answer @JPritchard The user is managed by EEES. That is to say that if it is managed I can decrypt the information that the user has encrypted with a password?. If so, how should I go about the process? Best Regards.
ESET Staff Solution JPritchard 11 Posted June 15, 2022 ESET Staff Solution Posted June 15, 2022 (edited) Hello Mauricio, Thank you for clarifying that the user is managed by an EEES. I think you need to adjust the Group Policy in your EEES to prevent Users from encrypting data with passwords. This will force them to use encryption keys instead, which are backed up on the EEES itself. This avoids the situation of forgetting passwords entirely. Please see my attached image, as this shows the specific Group Policy setting that you need to change. After changing the setting, don't forget to post a key-file update out to the affected Users to push the new settings to their computers. For more information on this process, please see: KB7408 - ESET Endpoint Encryption Server group policy settings As for pre-existing data encrypted with passwords, it would be best to decrypt and then re-encrypt the data using a key instead. Please let me know if you have any further questions. Jay Pritchard Technical Support Engineer III / Encryption Support Team Lead Edited June 15, 2022 by JPritchard Formatting Mauricio Osorio 1
Mauricio Osorio 2 Posted June 15, 2022 Author Posted June 15, 2022 Thank you very much @jpritchard for your answer, this solves my doubt.
Recommended Posts