4.2 Performing Recovery Operations

The following sections provide information about the emergency recovery operations you can perform on hard disks.

4.2.1 Decrypting a Drive

Typical scenarios where you might need to decrypt a drive include:

  • ZENworks Full Disk Encryption was removed from the device before the drive was decrypted.

  • Decryption was interrupted abnormally (for example, because of a power failure).

To decrypt a drive:

  1. Make sure you have launched the Emergency Recovery application and loaded the device’s ERI file. See Launching the Emergency Recovery Application.

  2. In the Workbench tree, select the drive you want to decrypt, then click the Partition menu > Decrypt to display the Decrypt Drive dialog box.

  3. Deselect the Decrypt only used sectors option if you want to decrypt all of the drive’s sectors (both used and unused).

    Decrypting all sectors (used and unused) can take significantly longer than decrypting only used sectors.

  4. Click OK to start the decryption process.

4.2.2 Repairing the Master Boot Record

When a Disk Encryption policy is applied to a device, the ZENworks Full Disk Encryption Agent creates a 500 MB partition, referred to as the ZENworks partition, and modifies the master boot record (MBR) to set the ZENworks partition as the boot partition.

Other applications can modify the MBR, after which the device might no longer boot to the ZENworks partition. If this occurs, you can repair the MBR. Repairing the MBR fixes any problems that prevent the device from booting to the ZENworks partition.

  1. Make sure you have launched the Emergency Recovery application and loaded the device’s ERI file. See Launching the Emergency Recovery Application.

  2. Click the BootChain menu > Repair MBR to display the Repair MBR dialog box.

  3. Click OK to start the repair process.

    The dialog box closes when the repair is complete.

  4. Close the application.

  5. Shut down the device, then restart it.
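The following read-only check is an added example, not part of the ZENworks tooling or this guide's own procedures: it parses a saved copy of sector 0 and reports whether the partition flagged as bootable matches the 500 MB ZENworks partition described above. It assumes the boot partition is marked with the standard MBR active flag (0x80), which this guide does not confirm; the sample sectors, the partition type 0x07, and the 16 MB tolerance are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512          # classic sector size assumed for LBA sector counts
EXPECTED_MB = 500     # ZENworks partition size stated in this section

def parse_mbr(mbr: bytes):
    """Return (sha256 of the sector, list of non-empty partition entries)."""
    if len(mbr) != 512 or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector (bad length or signature)")
    parts = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0:  # empty slot
            continue
        parts.append({"slot": i + 1, "active": status == 0x80, "type": ptype,
                      "lba_start": lba_start,
                      "size_mb": sectors * SECTOR // 2**20})
    return hashlib.sha256(mbr).hexdigest(), parts

def boot_partition_ok(parts, expected_mb=EXPECTED_MB, tolerance_mb=16):
    """True only if exactly one partition is active and it is about expected_mb."""
    active = [p for p in parts if p["active"]]
    return len(active) == 1 and abs(active[0]["size_mb"] - expected_mb) <= tolerance_mb

def _entry(status, ptype, lba_start, sectors):
    # CHS fields are zero-filled; only the LBA fields are read by parse_mbr
    return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0",
                       lba_start, sectors)

def build_sample(active_slot):
    """Constructed sample: slot 1 = 500 MB partition, slot 2 = 100 GB OS volume."""
    e1 = _entry(0x80 if active_slot == 1 else 0, 0x07, 2048, 500 * 2048)
    e2 = _entry(0x80 if active_slot == 2 else 0, 0x07,
                2048 + 500 * 2048, 100 * 1024 * 2048)
    return bytes(446) + e1 + e2 + bytes(32) + b"\x55\xaa"

if __name__ == "__main__":
    for label, slot in (("expected layout", 1), ("changed by another tool", 2)):
        digest, parts = parse_mbr(build_sample(slot))
        print(label, digest[:16], "boot partition ok:", boot_partition_ok(parts))
```

Recording the SHA-256 of the sector before and after a repair or restore gives a simple way to confirm that the MBR actually changed.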

4.2.3 Restoring the Original Master Boot Record

When a Disk Encryption policy is applied to a Windows device, the ZENworks Full Disk Encryption Agent creates a 500 MB partition, referred to as the ZENworks partition, and modifies the master boot record (MBR) to set the ZENworks partition as the boot partition.

You can restore the original MBR if necessary.

  1. Make sure you have launched the Emergency Recovery application and loaded the device’s ERI file. See Launching the Emergency Recovery Application.

  2. Click the BootChain menu > Restore Original MBR to display the Restore Original MBR dialog box.

  3. Click OK to start the restore process.

    The dialog box closes when the original MBR is restored.

  4. Close the application.

  5. Shut down the device, then restart it.

4.2.4 Erasing the Disk

The Emergency Recovery application can perform a secure erase of a standard hard disk. The process removes all data from the disk. This includes both encrypted and unencrypted volumes.

  1. Make sure you have launched the Emergency Recovery application and loaded the device’s ERI file. See Launching the Emergency Recovery Application.

  2. Click the Administration menu > Erase Harddrive, then follow the prompts.

    It takes approximately 30 to 40 minutes to erase 10 GB of data, so the entire process can take a long time.

  3. When the erasure process is complete, close the application.

  4. Shut down the device.

4.2.5 Setting the Administration Password

The ZENworks Full Disk Encryption components (Full Disk Encryption Agent and ZENworks PBA) have an Administration password that is used for internal administrative functions and for several administrator functions available during ZENworks PBA login. You should need this password only when working with Micro Focus Support.

The password is device specific and is randomly generated when a Disk Encryption policy is applied to the device. The password is recorded in ZENworks Control Center in the same location as the device’s ERI file (Full Disk Encryption > Emergency Recovery).

You can use the Emergency Recovery application to assign a new Administration password to a device.

  1. Make sure you have launched the Emergency Recovery application and loaded the device’s ERI file. See Launching the Emergency Recovery Application.

  2. Click the Administration menu > Set admin-password.

  3. Specify a new password, and then click OK.

  4. Close the application.