Allow user to reset self-recovery answers

The client user's self-recovery details can be reset using the Allow users to re-enroll self-recovery information at PBA option available with the Product Settings policy.

Before you begin

Make sure that the Enable Self-recovery option is enabled under User Based PolicySelf-recovery.


  1. Click Menu | Systems | System Tree, then select a group under System Tree.
  2. Select a system, then click ActionsAgentModify Policies on a Single System to open the Policy Assignment page for that system.
  3. From the Product drop-down list, select Drive Encryption 7.2. The policy Categories under Drive Encryption appears with the system's assigned policy.
  4. Select the Product Settings policy category, then click Edit Assignments to open the Product Settings page.
  5. If the policy is inherited, select Break inheritance and assign the policy and settings below next to Inherit from.
  6. From the Assigned Policy drop-down list, select the policy, then click Edit Policy to open the Policy Settings page.
    From this page, you can edit the selected policy, or create a new policy.
  7. On the Recovery tab, select Allow users to re-enroll self-recovery information at PBA to enable the option.
  8. Click Save on the Policy Settings page, then click Save on the Product Settings page.
  9. Send an agent wake-up call.


When this policy is saved and enforced to the client system, the Pre-Boot Authentication (Username) screen includes the Reset Self Recovery option. The user selects this option and is prompted for a password, and then the self-recovery enrollment. The user should then enroll the self-recovery details with new self-recovery answers.
Note: Only initialized users can reset their self-recovery details.