Recovering users and systems Resetting a remote user’s password or replacing the user's lost logon token requires a challenge and response procedure. Enable or disable the self-recovery functionalityThe Self-recovery option allows the user to reset a forgotten password by answering a set of security questions. A list of security questions is set by the administrator using McAfee ePO. If the answers from the user match what has been stored with their self-recovery information, they can proceed through the recovery process. Perform self-recovery on the client computerUse this option to recover the user on the client computer, if the user's password or the logon token has been lost. Enable or disable the administrator recovery functionalityThe client system prompts for authentication on the pre-boot logon page to access the system. When a user forgets the password, is disabled in the Active Directory, or loses the token, the user can't log on to the system. Perform administrator recovery on the client systemIf the user's password or the logon token has been lost, perform this task on the client computer to recover the user or the system. Generate the response code for the administrator recoveryThe administrator types the challenge code, which is provided by the user, on the McAfee ePO console and generates the response code required for the administrator (system and user) recovery. Smartphone recovery When a Drive Encryption user forgets the PBA password or loses the logon token, the user must perform the smartphone recovery on the client system to reset the password or replace the logon token. Perform system recovery using the Data Protection Self Service Portal This section describes the installation, configuration, and operation of the Data Protection Self Service Portal (DPSSP), which can be used with DE to allow users to obtain the recovery key or response code for a Drive Encryption system.