
Check Point HARMONY R81 - Authentication before the Operating System Loads (Pre-Boot)

R81 Harmony Endpoint Server Administration Guide|191
Authentication before the Operating System Loads (Pre-boot)
The Pre-boot Protection action of a Full Disk Encryption rule defines if users must
authenticate in the Pre-boot before the operating system loads. Configure the Pre-boot
authentication method and other settings related to user authentication in the OneCheck User
Settings rules.
Note - Password Synchronization only works if Pre-boot authentication is enabled.

Action: Authenticate user before OS loads (Pre-boot)
Description: Users must authenticate to their computers in the Pre-boot before the operating system loads.

Action: Do not authenticate user before OS loads (Not recommended)
Description: This setting disables Pre-boot, and is not recommended. This option allows the user to bypass the Pre-boot authentication at the cost of reducing the security of the solution to a level below encryption strength. Consider using SSO or enabling Pre-boot bypass when connected to LAN. Users authenticate to their computers only at the operating system level.
Note: To reduce security issues, configure settings in Require Pre-boot if one or more of these conditions are met.

Double-click an action to edit the properties.
If you choose Authenticate user before OS loads (Pre-boot), you can choose Temporary
Pre-boot bypass (Wake on LAN) settings to bypass Pre-boot in specified situations:
- Allow bypass when connected to LAN - On computers that are connected to an Endpoint Security server through Ethernet, Pre-boot is not necessary. The client automatically authenticates securely through the network without Pre-boot. If automatic network authentication is not possible, manual Pre-boot authentication is required. This option is supported on UEFI and Mac computers. See Unlock on LAN Requirements in the Release Notes for your Endpoint Security client version. Either search the Web for the Release Notes, or find them in the Endpoint Security Homepage.
  - Unlock Pre-boot user on successful OS login - If users are away from the LAN and get locked out of Pre-boot (because of incorrect logons), they can log on the next time they are on the LAN. When they log on to the operating system, the Pre-boot lock is unlocked.
- Allow OS login after temporary bypass - For scenarios when you want to temporarily bypass the Pre-boot, for example, for maintenance, see "Temporary Pre-boot Bypass" on the next page. Temporary Pre-boot Bypass reduces security.
