Showing results for 
Search instead for 
Did you mean: 
Jason Meyer

Viewing CRES encrypted e-mails after employee terminates?

What is Cisco's position on decrypting CRES encrypted e-mails that are part of an employee's mailbox that no longer works for my company.

For example, we keep all of Tom's e-mail because he deals with very senstive issues and encrypts a large portion of his e-mails with CRES and desktop encryption.   Tom wins the lottery and moves on.  Six month's later our company is put under legal discovery for information that we know is in Tom's mailbox and is encrypted.   But, we do not have his CRES password.   Can we request his password be reset on his behalf?  Does Cisco have a way to decrypt e-mails in bulk so that we don't have to manually decrypt the e-mails individually?

Just trying to get a discussion going on this.

Appreciate any input.


Robert Sherwin
Cisco Employee

No.  We do not have a way to get that un-encrypted - bulk, or otherwise.  We (as Cisco) would just go through at that point and perform a user reset on the account in question --- which would reset the password and "secrets" answers.  After that - the account would be forced to go through and re-establish the basic user setup.  If you request this through a CRES admin account for your company - we can comply with that.  But, if you are a non-admin - then we will not.

If an end-user does leave your company - happiliy with millions, or with sad force... CRES accounts aren't deleted - but you (as an admin), or Cisco, from global admin use, can lock the account.  (We'd prefer to see the happily with millions - and wealth sharing for all!)

Normally - as long as you have your CRES account properly setup, you are an admin, AND you can properly log in and assure that your domain is tied to the CRES account correctly --- you should see and be able to search/view your company domain users that have CRES accounts created.

As stated by the CRES Admins, it is against CRES policy to delete users. You have the option to select the individual user and set their status to either Locked or Blocked. This will essentially prevent that user from accessing secure emails for the selected account.


One correction, to prevent users from opening existing envelopes (or logging into CRES itself), set them to Locked. If you set them to Blocked, the user can go through the forgot password process to get themselves active again, which presumably you don't want. Locked can only be reversed by an admin.

Jason Meyer

Appreciate the responses guys, good info.

Content for Community-Ad