4.3 Performing Recovery Operations on a Self-Encrypting Hard Disk

The following sections provide information about the emergency recovery operations you can perform on self-encrypting hard disks. For information about emergency recovery operations for standard hard disks, see Performing Recovery Operations on a Standard Hard Disk.

4.3.1 Unlocking a Drive

This section applies to self-encrypting hard drives. It does not apply to standard hard drives.

When a device powers down, the ZENworks PBA locks the self-encrypting hard disk. You can use the Emergency Recovery application to unlock the disk. After you unlock the disk, the ZENworks PBA is bypassed and the device boots directly to the Windows operating system

The disk remains unlocked unless the ZENworks PBA is still enabled. In that case, the next time the device powers down, the ZENworks PBA locks the disk.

  1. Make sure you have launched the Emergency Recovery application and loaded the device’s ERI file. See Launching the Emergency Recovery Application.

  2. Click the Security menu > Unlock Drive, then click Yes when prompted to continue.

    The Emergency Recovery application unlocks the self-encrypting hard disk.

  3. When the hard disk is unlocked, click File > Exit to close the application.

  4. Restart the device.

    The ZENworks PBA is bypassed and the device boots to Windows.

4.3.2 Deactivating the PBA

This section applies to self-encrypting hard drives. It does not apply to standard hard drives.

When you deactivate the ZENworks PBA, the PBA login is bypassed and the device boots directly to the Windows operating system. The PBA remains deactivated until you use the Emergency Recovery application to reactivate it. It can also be reactivated by removing the current Disk Encryption policy from the device (so that the ZENworks PBA is removed) and then reapplying a Disk Encryption policy (so that the ZENworks PBA is installed).

  1. Make sure you have launched the Emergency Recovery application and loaded the device’s ERI file. In necessary, see Launching the Emergency Recovery Application.

  2. Click the Recovery menu > Deactivate PBA, then click Yes when prompted to continue.

    The Emergency Recovery application deactivates the ZENworks PBA and unlocks the self-encrypting hard disk.

  3. When the deactivation process is complete, click File > Exit to close the application.

  4. Restart the device.

    The device boots to Windows.

4.3.3 Activating the PBA

This section applies to self-encrypting hard drives. It does not apply to standard hard drives.

If you have deactivated the ZENworks PBA on a device (see Deactivating the PBA), you can use the Emergency Recovery application to reactivate the PBA.

  1. Make sure you have launched the Emergency Recovery application and loaded the device’s ERI file. See Launching the Emergency Recovery Application.

  2. Click the Recovery menu > Activate PBA, then follow the prompts.

  3. When the deactivation process is complete, click File > Exit to close the application.

  4. Shut down the device, then start it.

    The device must be powered down. When it is started, the device boots to the ZENworks PBA.

4.3.4 Removing the PBA

This section applies to self-encrypting hard drives. It does not apply to standard hard drives.

When you remove the ZENworks PBA, the Linux system and PBA components are removed from the disks MBR shadow. The device then boots directly to the Windows operating system.

  1. Make sure you have launched the Emergency Recovery application and loaded the device’s ERI file. See Launching the Emergency Recovery Application.

  2. Click the Recovery menu > Remove PBA, then follow the prompts.

    The Emergency Recovery application removes the ZENworks PBA and unlocks the self-encrypting hard disk.

  3. When the removal process is complete, click File > Exit to close the application.

  4. Restart the device.

    The device boots to Windows.

4.3.5 Erasing the Disk

This section applies to self-encrypting hard drives. It does not apply to standard hard drives.

The Emergency Recovery application can perform a secure erase of a self-encrypting hard disk. The process removes the ZENworks PBA, erases the encryption key from the disk’s dCard, removes the ZENworks PBA, and resets the hard disk to factory settings. The data on the hard disk becomes unreadable and the disk is ready for reuse.

  1. Make sure you have launched the Emergency Recovery application and loaded the device’s ERI file. See Launching the Emergency Recovery Application.

  2. Click the Security menu > Crypto Erase, then follow the prompts.

  3. When the erasure process is complete, close the application.

  4. Shut down the device.

4.3.6 Setting the Administration Password

This section applies to self-encrypting hard drives. It does not apply to standard hard drives.

The ZENworks Full Disk Encryption components (Full Disk Encryption Agent and ZENworks PBA) have an Administration password that is for internal administrative functions as well as several administrator functions available during ZENworks PBA login. The only time you should need to use this password is in conjunction with Micro Focus Support.

The password is device specific and is randomly generated when a Disk Encryption policy is applied to the device. The password is recorded in ZENworks Control Center in the same location as the device’s ERI file (Full Disk Encryption > Emergency Recovery Information).

You can use the Emergency Recovery application to assign a new Administrator password to a device.

  1. Make sure you have launched the Emergency Recovery application and loaded the device’s ERI file. See Launching the Emergency Recovery Application.

  2. Click the Administration menu > Set Admin Password.

  3. Specify a new password, then click OK.

  4. Click File > Exit to close the application.