Administrative helpdesk recovery for Removable and Optical media devices

If end users forget their password, they can use a helpdesk-assisted challenge and response mechanism to reset encrypted removable media and recover data from optical media. The recovery process can be used in both onsite and offsite scenarios (even on endpoints without the software installed). This feature is enabled by default.

  • Helpdesk recovery for Removable Media devices is the only recovery option available for FRP OS X clients.
  • Helpdesk recovery for Optical Media devices was introduced with FRP 5.0.1, and is only available for Windows platforms.

When end users forget their authentication credentials, they can initiate recovery in either of these ways:

  • Click Forgot Password on the Authentication window.
  • Click Recover media under the Removable Media section on the FRP client console (Windows clients only).

A challenge code (with phonetics) is displayed to the client user, along with a recovery message that the administrator can customize. The user can then contact the helpdesk with the challenge code.

As a McAfee ePO user, your FRP Recovery permission set must be set to Manage Recovery to be able to generate a response code for end users.

Task

  1. Log on to the ePolicy Orchestrator server as an administrator.
  2. Click Menu | Data Protection | FRP Recovery.
  3. Select the Removable Media Recovery or Optical Media Recovery tab.
  4. In the Challenge Code field, type the code provided by the user. After 12 characters have been entered, the system automatically starts to match and filter against the known entries, which speeds up the recovery process. With Removable Media Recovery, you can also speed up the lookup by selecting vendor and product filters.
    Note: For the recovery information to be available on McAfee ePO, events generated at the time of initialization of the removable media/optical media device on the FRP client need to have been sent and processed by McAfee ePO. This automatically occurs at the next client ASCI.
    Once the challenge code has been matched against the available database, details such as user name (the user who initialized the device), device size, and last access time are displayed to verify the caller's identity.
  5. Click Recover to generate a response code. Read out the response code to the user. Depending on the type of media and the applied policy, the user may be asked to reset the authentication credentials after entering the response code. For Removable Media Recovery, users will be asked to reset their authentication credentials to complete the recovery process. For Optical Media Recovery, the media will be unlocked to enable data recovery.
  6. A McAfee ePO audit log is generated with details of the McAfee ePO user or administrator who generated the response code, along with the client user for whom the code was generated. An event is also generated for Recovery/Credential Change when the operation is performed on an FRP client.
    Note: The event for Recovery/Credential Change on the client was introduced in FRP 5.0.1, and is generated only for FRP Windows clients.