Recovery keys

Recovery information is stored in the database on DriveLock Enterprise Service (DES) by default. We recommend leaving this option enabled.

However, if you select one of the other two options File server (UNC path) or Local folder on agent computers (not recommended) on the Recovery tab, the following files will be created:

• Recovery.env - Envelope file for emergency logon

  DriveLock Disk Protection creates the envelope file and sends it to the location you configured immediately after the Agent has finished installing DriveLock Disk Protection on a client computer. The ZIP file containing the EFS recovery files is created and copied only after all drives have been fully encrypted.

• DiskKeyBackup.zip - This ZIP file contains the EFS recovery file for the data recovery procedure.

  The recovery files should be stored either on the DriveLock Enterprise Server or a central file share. Additionally, the files can be stored locally on the computer, but this is not recommended for security and recovery reasons.

If the files are stored on a central file share, the file names are as follows: <computer>.envelope.env and <computer>.backup.zip

Each client computer has its own corresponding envelope file that must be used for the emergency logon. If you have configured Disk Protection to automatically place the file on a central file share, the file name starts with the name of the client computer (e.g. DE2319WX.Envelope.env).