Using The Administrator Configured Decryption Utility; Using The Override-Password Key Generator - Novell ZENWORKS ENDPOINT SECURITY MANAGEMENT 3.5 - ADMINISTRATION Administration Manual

9.1.2 Using the Administrator Configured Decryption Utility

The File Decryption Utility can also be configured in administrator mode with the current key set,
and can extract all data from an encrypted storage device. This configuration is not recommended,
as it can potentially compromise all current keys used by the ZENworks Storage Encryption
Solution. However, in cases where the data is otherwise unrecoverable, this configuration may be
necessary.
To configure the tool:
1 Create a shortcut for the File Decryption Utility within its current directory.
2 Right-click the shortcut, then click Properties.
3 At the end of the target name, and after the quotes, enter
Tools\stdecrypt.exe" -k).
4 Click Apply, then click OK.
5 Open the tool using the shortcut, then click Advanced.
6 Click the Load Keys button to open the Import Key window.
7 Browse for the keys file and specify the password for the keys.
All files encrypted with these keys can now be extracted.

9.2 Using the Override-Password Key Generator

Productivity interruptions that a user may experience due to restrictions to connectivity, disabled
software execution, or access to removable storage devices are likely caused by the security policy
the Endpoint Security Client is enforcing. Changing locations or firewall settings most often lifts
these restrictions and restores the interrupted functionality. However, in some cases the restriction
could be implemented in such a way that they are restricted in all locations and firewall settings, or
the user is unable to make a location or firewall setting change.
When this occurs, the restrictions in the current policy can be lifted via a password override to allow
productivity until the policy can be modified. This feature allows an administrator to set up
password protected override for specified users and functionality, which temporarily permits the
necessary activities.
Password overrides disable the current security policy (restoring the default, All Open policy) for a
pre-defined period of time, after the time-limit expires, the current or updated policy is restored. The
password for a policy is set in the security policy's Global Rules settings.
Password override does the following:
Overrides application blocking
Allows users to change locations
Allows users to change firewall settings
Overrides hardware control (thumb drivers, CDROM, etc.)
The password entered into the policy should never be issued to an end user. It is recommended that
the Override-Password Key Generator be used to generate a short-term-use key.
204 ZENworks Endpoint Security Management Administration Guide
(example: "C:\Admin
-k