[KB7120] Starting an FDE system in ESET Endpoint Encryption

Issue

ESET Endpoint Encryption (EEE) Client and EEE Server are separate products from ESET Full Disk Encryption (EFDE)

The article below applies only to the EEE Client or EEE Server and not EFDE. Visit What's new in ESET Full Disk Encryption to view EFDE content.

Solution

To start the machine and log into Windows, select 1. Start System and press the Enter key. Enter your username and password when prompted. Once these are entered correctly, the system will continue to load Windows.

FDE login screen for UEFI workstations:

Why do I not see the new graphical FDE login screen? 

Figure 1-1

FDE login screen for Legacy workstations:

Figure 1-2


If you receive an error message when attempting to start the machine, see the following descriptions for each error message.

User not found

The username is being entered incorrectly.  This message may also be displayed if the machine was deliberately disabled by ESET Endpoint Encryption (EEE) Server. In most cases, the error is due to an incorrectly entered username.

Figure 2-1

If you have sent a remote disable command as described in Remotely disable a workstation, you may also receive the "User not found" message.

Password is incorrect

The username was recognized, but the password is incorrect.

Figure 2-2

ACCESS DENIED

Verify that the password you are entering is correct. Passwords are case sensitive.
Press the F5 key while entering your password to display the characters you are typing on the screen. Only do this if no one can see your entry.

User is disabled

You entered the correct username but you had too many incorrect password attempts and the account is now disabled. You will need to start the system using a different user account or use the recovery method in the next section if it is managed by an EEE Server.

Figure 2-3

Recovery Method from Access Denied or User is Disabled

If the system is managed by an EEE Server, you can start the machine using a recovery password and set a new password for the user. Recovery passwords are obtained from your EEE Server help desk.  Reset a managed user's Full Disk Encryption password.

Figure 2-4

No recovery information

You attempted to use the 2. Lost details option for a user that exists on the system but does not have recovery information. Attempting to use this option with a standalone client will result in this warning. On a standalone system, the Lost Details menu item does not perform any action. The Lost Details menu is only available for clients managed by an EEE Server as described in the Recovery method section. 

Administrator logins

When starting Full Disk Encryption, two login accounts are created as part of the start process—an admin login and a user login. Additional user logins can be added once encryption has started.

The admin login can be used in the circumstance that the user logins are not functioning — depending if the system is managed by an EEE Server or standalone. The procedure to find the admin password that was used is different as detailed below.

 

Managed Recovery login on ESET Endpoint Encryption Server

Typically recovery logins are used in a managed environment. However if for some reason that is not possible, the admin account allows the system to start. Your admin should know the details of this login and be able to use them to start the system. If the admin is unable to remember the admin password that was specified, it can be viewed from the EEE Server.

  1. Log in to your ESET Endpoint Encryption Server.
     
  2. Select Workstations and select the workstation from the list.
     
  3. Click Details  FDE Logins tab.
     
  4. Select the admin user from the FDE Logins list (they will have a red user icon and type of Admin).
     
  5. Click Change and select the check box next to Set Password.
     
  6. Click Show. The admin password that was set when you sent the encryption command will be displayed.
     
  7. Click Cancel.

Figure 3-1

Standalone

The standalone client machine forces the admin password to be saved when Full Disk Encryption is started.  This account is linked to the username 'admin'. For more information, visit: Why do I need an admin password?