Manage Recovery Keys

Applies To: WatchGuard Full Encryption

Microsoft BitLocker technology protects data from unauthorized access. A BitLocker recovery key is a unique 48-digit key that unlocks a BitLocker-protected hard drive. When WatchGuard Full Encryption detects unusual activity on a protected computer, Full Encryption prompts the user to enter a BitLocker recovery key.

Unusual activity might include:

  • A user makes repeated attempts to enter an incorrect PIN or password while the device boots up
  • A Trusted Platform Module (TPM) chip detects a change in the boot sequence
  • Changes are made to the computer motherboard
  • Deletion or disablement of TPM content

Full Encryption stores the recovery keys for all encrypted computer drives that it manages. Each encrypted drive has a unique recovery key.

Computers that are partially or entirely encrypted by users using BitLocker are not integrated into Full Encryption. Neither their encryption nor their recovery keys can be managed.

Find a Recovery Key

To obtain a recovery key on the Full Encryption dashboard, from the Encrypted Computers tile:

  1. From the top navigation bar, select Status.
  2. From the left pane, select Full Encryption.
  3. In the Encrypted Computers tile, click Recovery Key Search.

    The Recovery Key Search dialog box opens.
  4. In the text box, type the ID of the recovery key you want to find.
    In the case of a recovery key ID for an encrypted partition, enter the first eight digits. The recovery key that the user can use to unlock the encrypted disk partition is displayed.

Screen shot of Full Encryption, Recovery Key Search

  5. Press Enter.

Screen shot of Full Encryption, Recovery Key Search with IDs

  6. Select the found recovery ID.
    The Get Recovery Key dialog box opens.

Screen shot of Full Encryption, Get Recovery Key

  7. Click Copy Recovery Key and send it to the user.

To obtain a recovery key from the Computer details page:

  1. From the top navigation bar, select Status.
  2. From the left pane, select Full Encryption.
  3. In the Encryption Status tile, click the status you want to see computers for.
    The Encryption Status page opens and shows computers with the selected status.

  4. Select the computer you want to find the recovery key for.
    The Computers page opens.
  5. In the Details > Data Protection section, click Get Recovery Key.
    To obtain a removable drive recovery key, click View Encrypted Devices on this Computer.

    The Get Recovery Key dialog box opens and shows the IDs for all of the encrypted drives on the computer. To find another recovery key, click Find Another Key.

Screen shot of Full Encryption, Get Recovery Key with IDs

  6. Click the encrypted drive ID of the key you want to recover.
    The Get Recovery Key dialog box opens.
    Screen shot of Full Encryption, Get Recovery Key
  7. Click Copy Recovery Key and send it to the user.

To obtain a removable drive recovery key:

  1. In the Details > Data Protection section, click View Encrypted Devices on This Computer.
    The Encrypted Devices on This Computer dialog box opens and shows the IDs of the encrypted drives on the computer.

Screen shot of Full Encryption, Encrypted Devices on this Computer

  2. Click the encrypted drive ID of the key you want to recover. To find another recovery key, click Find Another Key.
  3. Click Copy Recovery Key and send it to the user.

See Also

About Full Encryption

Full Encryption Authentication Types