If your user has forgotten or incorrectly entered their Full Disk Encryption password too many times, you will need to recover their login using the Enterprise Server. To do this you will need to perform the following steps:

• From the Enterprise Server, you will need to find the user's workstation by either clicking Workstations or the team within which the user's machine is located in the navigation tree.
• Click on the workstation in the right hand window to highlight it.
• Click the Details button.

• When the workstation card appears, select the FDE Logins tab, select the appropriate FDE user account then click the Recover button.

•  You will be presented with the following window

• On the users workstation get the user to select option 2 - Lost details from the menu, input their username then press enter. An Indexnumber will appear in the bottom right hand corner of the screen just above the Workstation ID (example shown below where index is 00000000).
• Ask the user what Index number is displayed, if it is different to the value for Recovery Index shown in the Enterprise Server, use the arrow buttons to change the selection to the matching index.  Once you have confirmed the user you are communicating with is the correct user, read the Recovery Password to them so they can enter it in the password entry. Note, the recovery password is also displayed in phonetics to eradicate any misinterpretation of the characters.

• As soon as the user has input the recovery password which you have given them, they will then be informed of how many recovery uses they have remaining. They will need to press Enter.
• If the FDE login type is a normal login, they will be presented with the following screen where a new password will need to be selected. 

• The user at this point will need to input a new Pre-Boot password which will need to conform to their password policy (if enabled). When they have achieved this, the bar underneath will turn green and the user will need to confirm the password and then press enter. 
• Providing the two passwords match, Windows will start to load and the user's new Full Disk Encryption password will be the password they have just set.
• If the login is an SSO login, Windows will start without requiring the user enters a new password.  The act of the user entering their Windows password and logging into their Windows profile will automatically resynchronise their FDE and Windows passwords.
• Reboot to check that the SSO password has successfully processed the re-sync.
• Once the user has booted into Windows, from the Enterprise Server, click the Update Recovery button (shown below) to send a new recovery password to the machine for use in the future.

Related Articles

KB397 - User is still in recovery mode

Keywords: Locked out user disabled FDE access denied lost password reset fde