[KB7185] Starting Full Disk Encryption using the ESET Endpoint Encryption Server (managed)

• If you are using ESET Endpoint Encryption (EEE) in a managed environment using an EEE Server and your Users are licensed with an EEE Pro license, you can send a Full Disk Encryption command to their Workstations

1. To issue a Full Disk Encryption (FDE) command to a workstation, select the User associated with the workstation and then double-click the user to open the User Card window.
    
2. Click the Workstation tab, you will see all of the workstations that the User is associated with. You will also be able to see the FDE status of the workstation under the FDE status column.
    
3. Highlight the workstation you want to send an FDE command to and then click Full Disk Encryption.

Figure 1-1

4. The Full Disk Encryption wizard will appear. Click Next to continue (if you do not want to see the wizard window in future, select Don't show this page again and then click Next).

Figure 1-2

5. The Compatibility Checks window will display any incompatibilities on the workstation you are sending the command to. Click Next to continue. 
    
6. Click the security mode method of your choice and then click Next to continue. 

Figure 1-3

The following instructions show the process with the without using TPM hardware mode, to follow the TPM security method, see Starting Full Disk Encryption using a TPM (Trusted Platform Module). For more information about choosing a security mode, see Trusted Platform Module (TPM) Support.

7. In the FDE details screen, type in the Username and Password (FDE login credentials) for the user and then click Next. 
   
   If you want EEE to synchronize the FDE password with the user's Windows password, then you may want to use Single Sign-On (SSO) instead. For more information about SSO, see What is Single Sign-On (SSO).

Figure 1-4

8. If this is the first FDE command that you are sending from the EEE Server, then you will be prompted to type in an Administrator Username and Password. The FDE Administrator Username and Password is sticky, meaning it will be remembered for each subsequent FDE command that you send to other workstations. Click Next.

Figure 1-5

9. You can encrypt the whole disk or encrypt a specific partition(s) of the disk (click Change to select the specific partition). The screenshot below shows that the whole disk will be encrypted. Once you choose what will be encrypted, click Next.

Figure 1-6

10. Select a Start Mode for the encryption. We recommend using Safe Start Mode.
    
    For more information about Safe Start, see What is Full Disk Encryption Safe Start?
     
11. Click Start to send the FDE command to the target workstation. 

Figure 1-7

The workstation icon will change to orange and under the FDE status, the status will display Start FDE Pending.

To process the FDE command by the workstation, see the following options:

• Wait for the background check period to elapse (by default this is every 60 minutes).
   
• Manually synchronize the client following the instructions this article: Manually synchronize the ESET Endpoint Encryption Client and Server.

Once the FDE command has been processed, the client machine will either restart the system to perform Safe Start or start the FDE process immediately, depending on the Start Mode chosen in step 10 above.