[KB7185] Starting Full Disk Encryption using the ESET Endpoint Encryption Server (managed)

Issue

ESET Endpoint Encryption (EEE) Client and EEE Server are separate products from ESET Full Disk Encryption (EFDE)

The article below applies only to the EEE Client or EEE Server and not EFDE.

Visit What's new in ESET Full Disk Encryption to view EFDE content.

  • If you are using ESET Endpoint Encryption (EEE) in a managed environment using an EEE Server and your Users are licensed with an EEE Pro license, you can send a Full Disk Encryption command to their Workstations

Solution

  1. To issue a Full Disk Encryption (FDE) command to a workstation, select the User associated with the workstation and then double-click the user to open the User Card window.
     
  2. Click the Workstation tab, you will see all of the workstations that the User is associated with. You will also be able to see the FDE status of the workstation under the FDE status column.
     
  3. Highlight the workstation you want to send an FDE command to and then click Full Disk Encryption.

Figure 1-1

  1. The Full Disk Encryption wizard will appear. Click Next to continue (if you do not want to see the wizard window in future, select Don't show this page again and then click Next).

Figure 1-2

  1. The Compatibility Checks window will display any incompatibilities on the workstation you are sending the command to. Click Next to continue. 
     
  2. Click the security mode method of your choice and then click Next to continue. 

Figure 1-3

The following instructions show the process with the without using TPM hardware mode, to follow the TPM security method, see Starting Full Disk Encryption using a TPM (Trusted Platform Module). For more information about choosing a security mode, see Trusted Platform Module (TPM) Support.

  1. In the FDE details screen, type in the Username and Password (FDE login credentials) for the user and then click Next

    If you want EEE to synchronize the FDE password with the user's Windows password, then you may want to use Single Sign-On (SSO) instead. For more information about SSO, see What is Single Sign-On (SSO).

Figure 1-4

  1. If this is the first FDE command that you are sending from the EEE Server, then you will be prompted to type in an Administrator Username and Password. The FDE Administrator Username and Password is sticky, meaning it will be remembered for each subsequent FDE command that you send to other workstations. Click Next.
Do not use the same EEE Server Admin username and password

When setting your FDE Administrator Username and Password, we do not recommend using the same credentials as the EEE Server Admin username and password, as doing so would compromise the security if someone were to discover what the credentials are. 

Figure 1-5

  1. You can encrypt the whole disk or encrypt a specific partition(s) of the disk (click Change to select the specific partition). The screenshot below shows that the whole disk will be encrypted. Once you choose what will be encrypted, click Next.

Figure 1-6

  1. Select a Start Mode for the encryption. We recommend using Safe Start Mode.

    For more information about Safe Start, see What is Full Disk Encryption Safe Start?
     
  2. Click Start to send the FDE command to the target workstation. 

Figure 1-7

The workstation icon will change to orange and under the FDE status, the status will display Start FDE Pending.

To process the FDE command by the workstation, see the following options:

Once the FDE command has been processed, the client machine will either restart the system to perform Safe Start or start the FDE process immediately, depending on the Start Mode chosen in step 10 above.