Professional Edition Only
One of the flagship features of SafeHouse Professional is its ability to easily allow administrators to reset lost passwords for SafeHouse data volumes. This is an essential feature that you simply cannot live without if you are deploying any kind of file encryption throughout your organization.
There are many ways for passwords to become lost. Besides the obvious issue of people simply forgetting them, you might have employees suddenly leave on bad terms, or even die in an automobile accident. Yes, these things all happen more often than one might think, and its important that you have a plan in place to ensure that you'll never find yourself locked out of your own files.
SafeHouse supports two modes for performing password resets:
A local password reset is how we refer to resetting passwords when you have direct access to the machine hosting the SafeHouse volume needing to be reset. By direct access, we mean that you are able to either physically walk up to the machine and sit down at the keyboard, or, you can accomplish the same thing using some kind of remote desktop software.
See How to Perform Local Password Resets.
A remote password reset is how we refer to resetting passwords when you do not have direct access to the machine hosting the SafeHouse volume.
In this case, the end user (the person you are trying to help) has access to the machine hosting the SafeHouse volume, and you instruct them on how to submit a remote reset request through the SafeHouseAdmin.com website. Once you approve the request by completing a web form, the user will then be allowed to choose a new password for their volume.
To use this method, you must create an account at SafeHouseAdmin.com prior to deploying SafeHouse throughout your company. More details...
See How to Perform Remote Password Resets.
In order to reset a lost password by either mode, you must plan for such in advance of deploying SafeHouse to your employees. This feature is not enabled by default in the off-the-shelf SafeHouse setup program. One of your roles as the SafeHouse administrator is to enable this feature by first using the SafeHouse Branding Wizard, and then by using the SafeHouse Deployment Wizard to prepare a customized setup program.
In order to reset the password for a SafeHouse volume, you must first prove that you have permission to do so. One way to do this is simply to provide the administrator password for the group to which the affected volume belongs. But this may not always be possible nor desirable. For example, in larger organizations, the task of resetting passwords is often delegated to Help Desk personnel; and you may not want these individuals knowing the top-level administrator password.
The solution is to use a SafeHouse administrator smartcard.
SafeHouse supports a variety of commercial smartcards, as well our own virtual smartcard which can be created from an off-the-shelf USB flash disk or memory stick.
An administrator smartcard is a special smartcard prepared by a top-level SafeHouse administrator who knows the administrator password for the subject group. This task is performed using the SafeHouse Branding Wizard. After which, the card can be used by support personnel to reset passwords without them ever learning the true administrator password. They will, of course, need to know the password to their individual smartcard.
Please note that this feature separate from SafeHouse's support for using smartcards to store volume passwords.
See Using Smartcards for Administration.