No option to grant access in offline mode

[antonywellings]

in Kaspersky security center 10 for the managed devices group the ‘Delete the device from group if it has been inactive for longer than(days)’ was set to 60.

As such a lot of devices have now moved to the unassigned group as people have not been working. If i move a device back to the correct group there is no option for ‘Grant access to devices and data in offline mode’ for devices that have kaspersky’s fde so can’t generate keys to do carry out a password reset.

If the device can be logged in and kaspersky connects to the server then it re-synchs and the option becomes available, for people who have forgotten their password is there any other way to generate the keys for a password reset?

[MilanBortel]

Hi @antonywellings,

wow, what a trouble.. I can imagine! What I’m thinking - do you have KSC backup? You can restore KSC data to few weeks back (managed devices would still be available for challenge/response FDE..).

Does it make sense to you?

 

Cheers,
Milan

[antonywellings]

HI Milan

 

Thanks for the reply, this is a system/job i’ve just inherited but after a bit of digging around I do see what you mean. We have a task creating a backup every day, unfortunately it only keeps 3 days worth of backups.

on the KSC console I can see the devices listed under encrypted devices, so we still have the keys and if i remove the hard drive and connect it to my laptop i can access it that way. Luckily we’ve only had one person so far forget the password and we use folder redirection for desktops/documents so we have the data.

I think i’m stuck with either removing the device and decrypting it or a reinstall and re-synching the user account.

 

Ta

Antony

[MilanBortel]

Hi Antony,

yeah.. the default setting is to keep only 3 days history (which is normally ok, if you have other long-term backup plans)..

And yes, you can use FDERT utility, to access data (see https://support.kaspersky.com/9758)

BTW: did you remove the “managed devices” group setting to automatically remove device based on inactivity?

Milan