Details
After the Automatic Full Disk Encryption (FDE) feature is enabled, credentials are not required to boot the workstation until it has been activated. During activation, the first user with a Pro license on the workstation is prompted to choose a password to boot the system. At that point, the FDE username, recovery information and FDE admin credentials are visible.
Automatic FDE is designed to ensure a workstation is encrypted before user activation, for example, when a system administrator prepares laptops before distributing them to end users, or when the end user is not yet known.
Although you can use FDE in this manner, we strongly recommend you activate a Pro license as soon as possible to ensure the workstation is fully secure. Automatic FDE is not a replacement for starting FDE from the server as shown in Starting Full Disk Encryption using the ESET Endpoint Encryption Server (managed).
Solution
The following applies when Automatic FDE is used:
- The "Boot" disk will be encrypted. If you have more than one disk to encrypt, the secondary disk will need to be encrypted manually.
- Compatible partitions with drive letters will be encrypted.
- Software encryption mode is used; OPAL is not available.
- Standard Username and Password authentication is used; TPM modes are not available.
I. Configure a Workstation policy
- Navigate to your Workstation policy Full Disk Encryption settings.
- Change the configuration of Automatically start encryption after installation to Yes.
- Enter the applicable number of Password and Recovery attempts you want the user to have at the pre-boot FDE login page.
- Enter the applicable number of Recovery uses.
- Enter an FDE Administrator Username. It is admin by default.
- Make the appropriate Single Sign-On (SSO) selection (must be activated with Self-Enrollment).
II. Install client software
When the client software is installed, a Safe Start reboot occurs. For more information on Safe Start, refer to What is Full Disk Encryption Safe Start?
The FDE process is now in progress. The Disk Encryption Status window shows how far it has advanced.
Figure 1-1
III. Activate
Refer to Activate ESET Endpoint Encryption Client using ESET Endpoint Encryption Server.
IV. Enter FDE pre-boot password details
When you have entered the activation details, you will be required to enter a pre-boot password. If you have Self-Enrollment enabled and have elected to set up your user with an SSO login, you will be required to verify your domain login credentials.
SSO enabled (Self-Enrollment Only):
Figure 2-1
Normal user:
Figure 2-2