I am currently testing out Symantec Encryption Desktop 10.3.1 with Symantec Encryption Server 3.3.1. I have created a specific Symantec Drive Encryption policy on the server and have downloaded the client with that policy embedded in it. I have installed the downloaded client on a single Dell XPS laptop that is in a workgroup (not a part of any domain). I have the disk encrypted with a single user, single sign-on enabled, and security recovery questions configured.
When I click "forgot passphrase" at the BootGuard screen, I enter the answers to the security questions and the PC starts. The PC starts and goes straight to the Windows log-in screen. My question is: how can the user log on to Windows if they have truly forgotten their password? Shouldn’t single sign-on still work and take the user straight into Windows so that the user can reset their password? Is this a limitation of Symantec Drive Encryption and Single Sign-On, or is there something wrong with my configuration?