Dell LSA Recovery Guide for Dell Encryption Enterprise and Dell Encryption Personal

The local security administrator (LSA) recovery bundle is used to regain access to Dell Encryption Enterprise (formerly Dell Data Protection | Enterprise Edition) or Dell Encryption Personal (formerly Dell Data Protection | Personal Edition) data. This article covers how to run the LSA recovery bundle.

Affected Products:

• Dell Encryption Enterprise
• Dell Data Protection | Enterprise Edition
• Dell Data Protection | Server Edition
• Dell Encryption Personal
• Dell Data Protection | Personal Edition

Affected Operating Systems:

• Windows

Not applicable

The LSA recovery bundle can be used for Recovery. It also contains command-line interface (CLI) options. For more information, click the appropriate option.

Recovery

The LSA recovery bundle may be run differently whether the endpoint is Online or Offline. Click the appropriate method for more information.

Online

This process addresses situations where the user has access to the operating system but has either lost all access to encrypted data or must move the hard drive from one chassis to another. In this case, the LSA recovery bundle that is downloaded from the administration console can be copied to the computer and run locally.

1. From the machine that requires recovery, double-click the LSA Recovery Bundle.

2. Select My system does not allow me to access encrypted data, edit policies, or is being reinstalled and then click Next.

3. Copy the Backup and Recovery Information and then click Next.

4. Select the volume to recover and then click Next.

5. Populate the Password that was assigned when downloading the LSA recovery bundle from the administration console, and then click Next.

6. Click Recover to perform the recovery. The utility extracts the keys to the computer.

7. Confirm that the operation was successful and then click Finish.

8. If moving the hard drive to another chassis, it is required that you shut down the machine instead of rebooting. When prompted to restart, click No and then shut down from the Windows Start Menu. Otherwise, click Yes.

Offline

If the user no longer has access to the operating system and the machine is locked in SDE Recovery Mode, an offline recovery must be performed.

The LSA recovery bundle may run by an Automatic or Manual method. The automatic method is recommended for versions 10.2.10 and later. The manual method works for all versions. Click the appropriate method for more information.

Automatic

1. Create a bootable WinPE USB.

2. Copy the LSA recovery bundle to the WinPE USB.

3. Boot to that media on the device with the drive you are attempting to recover. A WinPE environment opens.
4. Type X and then press Enter to reach Command Prompt.

5. Browse to and then run the LSA recovery bundle.

6. Select My system fails to boot and displays a message asking me to perform SDE Recovery and then click Next.

7. Confirm the Backup and Recovery Information and then click Next.

8. Select the volume to recover and then click Next.

9. Populate the Password that was assigned when downloading the LSA recovery bundle from the administration console, and then click Next.

10. Click Recover. The utility extracts the keys to the computer.

11. Confirm that the operation was successful and then click Finish.

12. Remove the WinPE boot media and reboot the endpoint. If Windows does not boot, contact Dell Data Security ProSupport.

Manual

1. Right-click the LSA recovery bundle and then select Run as administrator.

2. If Windows Defender is enabled, select More Info and then click Run anyway. Otherwise, go to Step 3.

3. If User Account Control (UAC) is enabled, click Yes. Otherwise, go to Step 4.

4. With the Dell Encryption recovery menu open, right-click the Windows Start menu and then click Run.

5. In the Run UI, type cmd and then press OK.

6. In Command Prompt, Use the cd command to browse to the directory where the LSA recovery bundle is located and then press Enter.

7. Type LSARecovery_[HOSTNAME] -x 1 -p [PASSWORD] and then press Enter.

8. Type LSARecovery_[HOSTNAME] -gpk -p [PASSWORD] and then press Enter.

9. In the LSA recovery bundle folder, go to CMGKRcvr.txt and GPKRCVR.TXT.

10. Copy CMGKRcvr.txt and GPKRCVR.TXT to external media or a share.

11. Boot a WinPE environment on the targeted endpoint to recover.

12. Go to CMGKRcvr.txt and GPKRCVR.TXT on the external media or share (Step 9).

13. Type Copy CMGKRcvr.txt [ROOT] and then press Enter.

14. Type Copy GPKRCVR.TXT [ROOT] and then press Enter.

15. Remove the WinPE boot media and reboot the endpoint. If Windows does not boot, contact Dell Data Security ProSupport.

CLI

The recovery bundle allows flexibility in command-line options by using switches.

CLI Examples:

Example #1:

LSARecovery_[HOSTNAME].exe -x 1 -p P@ssw0rd -d C:\Users\Administrator\Desktop\test

Example #1 contains:

• File = LSARecovery_[HOSTNAME].exe
• Extracted recovery data = System data encryption (SDE) key
• Password = P@ssw0rd
• Directory = C:\Users\Administrator\Desktop\test

Example #2:

LSARecovery_[HOSTNAME].exe -gpk -p Abcd1234

Example #2 contains:

• File = LSARecovery_[HOSTNAME].exe
• Extracted recovery data = GPK key
• Password = Abcd1234
• Directory = Where LSARecovery_[HOSTNAME].exe is being run from

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.