204 ZENworks Endpoint Security Management Administration Guidenovdocx (en) 17 September 20099.1.2 Using the Administrator Configured Decryption UtilityThe File Decryption Utility can also be configured in administrator mode with the current key set,and can extract all data from an encrypted storage device. This configuration is not recommended,as it can potentially compromise all current keys used by the ZENworks Storage EncryptionSolution. However, in cases where the data is otherwise unrecoverable, this configuration may benecessary.To configure the tool:1 Create a shortcut for the File Decryption Utility within its current directory.2 Right-click the shortcut, then click Properties.3 At the end of the target name, and after the quotes, enter -k (example: "C:\AdminTools\stdecrypt.exe" -k).4 Click Apply, then click OK.5 Open the tool using the shortcut, then click Advanced.6 Click the Load Keys button to open the Import Key window.7 Browse for the keys file and specify the password for the keys.All files encrypted with these keys can now be extracted.9.2 Using the Override-Password Key GeneratorProductivity interruptions that a user may experience due to restrictions to connectivity, disabledsoftware execution, or access to removable storage devices are likely caused by the security policythe Endpoint Security Client is enforcing. Changing locations or firewall settings most often liftsthese restrictions and restores the interrupted functionality. However, in some cases the restrictioncould be implemented in such a way that they are restricted in all locations and firewall settings, orthe user is unable to make a location or firewall setting change.When this occurs, the restrictions in the current policy can be lifted via a password override to allowproductivity until the policy can be modified. This feature allows an administrator to set uppassword protected override for specified users and functionality, which temporarily permits thenecessary activities.Password overrides disable the current security policy (restoring the default, All Open policy) for apre-defined period of time, after the time-limit expires, the current or updated policy is restored. Thepassword for a policy is set in the security policy's Global Rules settings.Password override does the following: Overrides application blocking Allows users to change locations Allows users to change firewall settings Overrides hardware control (thumb drivers, CDROM, etc.)The password entered into the policy should never be issued to an end user. It is recommended thatthe Override-Password Key Generator be used to generate a short-term-use key.