In This Section: |
Users can be denied access to their Full Disk Encryption-protected computers or Media Encryption & Port Protection-protected devices for many different reasons. They might have forgotten their password or entered the incorrect password too many time. In the worst case scenario, a hacker might have tried access the computer or device.
Remote Help can help users in these types of situations. The user contacts the Help Desk or specified administrator and follows the recovery procedure.
Note - An Endpoint Security administrator can give Remote Help only if you enable Remote Help in the OneCheck User Settings policy. |
Administrators can supply Remote Help through SmartEndpoint or through an online web portal.
There are two types of Full Disk Encryption Remote Help:
For USB storage devices protected by Media Encryption & Port Protection policies, only remote password change is available.
Administrators can use the built in Remote Help or online portal on the Endpoint Security Management Server, or create a dedicated server for the online web portal.
A dedicated server for the online web portal is supported on Gaia servers.
Administrators can authenticate to the web portal with these authentication methods:
You must turn on the Web Remote Help in SmartEndpoint before you can use it.
To turn on the Web Remote Help:
The Endpoint Server window opens.
When you turn on or turn off the Web Remote Help, the Endpoint Security Management Server restarts and all connections with client computers and SmartEndpoint sessions get disconnected.
Administrators can configure how many characters are in the Remote Help response that users must enter. The default length is 30 characters.
To change the length of the Remote Help response:
You can log into Web Remote Help portal using one of these methods:
Password Login is the default method and shows when you first connect to the portal. The link in the right bottom corner of the Endpoint Security Web Remote Help window lets you toggle between the two login methods.
To login using Password Login method:
Notes -
To login using Token Login method:
Notes -
You can configure a standalone Web server for Remote Help. This is supported on Gaia servers.
To configure a Standalone Remote Help Server:
The Endpoint Server window opens.
You can do these web Remote Help account management actions:
To add a web Remote Help account:
The Web Remote Help Accounts window opens.
The Web Remote Help Account wizard opens.
User type & Authentication |
Credentials |
---|---|
Existing user with AD authentication |
a. In the Login field, type the name of a user from the AD (auto-complete field). b. In the Login Method, select AD Authentication. |
Existing user with Token authentication |
a. In the Login field, type the name of a user from the AD (auto-complete field). b. In the Login Method, select Token. c. Click Select. d. Select a token. e. Click OK. |
Local user with fixed password authentication |
a. In the Login field, type the login name of a user. b. In the Login Method, select Password. |
Local user with Token authentication |
a. In the Login field, type the login name of a user. b. In the Login Method, select Token. c. Click Select. d. Select a token. e. Click OK. |
AD Group/OU with AD Authentication |
a. In the Login field, type the name of a group from the AD (auto-complete field). b. In the Login Method, select AD Authentication. Note - Token authentication is not supported for AD Group/OU. |
To disable the Web Remote Help account:
Select Disable remote help account. When you create a new account, it is enabled by default.
To edit a web Remote Help account:
The Web Remote Help Accounts window opens.
The Web Remote Help Account Configuration window opens.
Note - you cannot change the type of an existing account.
To delete a web Remote Help account:
The Web Remote Help Accounts window opens.
To search for an existing web Remote Help account:
The Web Remote Help Accounts window opens.
List of results shows.
To use Remote Help with AD password, it is necessary for the Remote Help server to connect to the domain controller with SSL.
To configure SSL Support:
$UEPMDIR/system/install/wrhAuthConfig
Note - Web Remote Help works with LDAPS or LDAP authentication only. Mixed mode is not supported. |
Use this challenge/response procedure to give access to users who are locked out of their Full Disk Encryption protected computers.
To give Full Disk Encryption Remote Help assistance from the SmartEndpoint:
The User Logon Preboot Remote Help window opens.
The endpoint computer shows a challenge code.
Remote Help authenticates the challenge code and generates a response code.
To give Full Disk Encryption Remote Help assistance from the web portal:
The endpoint computer shows a challenge code.
Remote Help authenticates the challenge code and generates a response code.
Media Encryption & Port Protection lets administrators recover removable media passwords remotely using a challenge/response procedure. Always make sure that the person requesting Remote Help is an authorized user of the storage device before you give assistance.
To recover a Media Encryption & Port Protection password with Remote Help assistance from the SmartEndpoint:
The Media Encryption & Port Protection Remote Help window opens.
Media Encryption & Port Protection authenticates the challenge code and generates a response code.
To recover a Media Encryption & Port Protection password with Remote Help assistance from the web portal:
Media Encryption & Port Protection authenticates the challenge code and generates a response code.
To disable Remote Help:
The Media Encryption page opens.
User-bound Remote Help lets you do remote help for a user, Offline Group, or an organization without an exact device name. A special user is created for this purpose.
Note - User-bound Remote Help is less secure than regular Remote Help because the same key for Remote Help is distributed to all machines assigned to the specified user account. |
To create a new Pre-boot user for User-bound Remote Help: