Provide a Recovery Key for an End-user

Recovery Keys enable a user to access the encrypted device if they forget their password, or if an encrypted drive needs to be installed in a new computer.

Devices using TPM without a PIN option do not need to enter a pre-boot password, but will require the Recovery Keys if moving the drive to a new device.

During the device boot up, the user needs to enter their password or PIN to access the drives on the device. If they forget their password or PIN, they can press the Escape key to obtain a Key ID / Protector ID / Recovery Key ID. This is the key that they give to your technician. The technician then retrieves the Recovery Key and issues this to the end-user. The end-user enters the Recovery Key into the device, sets a new Passphrase or PIN and can then resume use of the device.

How to Retrieve the Disk Encryption Manager Recovery Key

  1. Locate the user's device in the All Devices view North-pane, and right-click it to open the device context menu
  2. Select Managed Antivirus > Retrieve Recovery Key. The Retrieve Recovery Key dialog opens

  3. Enter the Key ID / Protector ID / Recovery Key ID provided by the user and then click Retrieve Recovery Key to display the Recovery Key
  4. Provide the user with the Recovery Key to allow them to unlock their device. You can use the Copy Recovery Key button to copy the key to the clipboard

  5. Once the user enters the Recovery Key on their computer, they must create a new password or PIN before unlocking the drive

Please see Disk Encryption End-user Experience for further end-user actions.

Important considerations

  • If you close your N-sight RMM account (trial or full), you must rely on the Recovery Key Report. Generate and save this report securely before closing your account. We do not store recovery keys after account closure.
  • If you delete devices from N-sight RMM, the last known recovery key remains in the Recovery Key Report for 90 days only.
  • If you remove Disk Encryption Manager but keep the device in N-sight RMM, you can still access the Recovery Key Report. This report includes the last known recovery key before the device returned control to the end user. The end user may have re-encrypted the device, which changes the recovery key.
  • Recommendation: Run the Recovery Key Report and store it in a secure location before performing any other actions. Otherwise, you will not be able to access recovery keys from N-sight RMM or Technical Support.