
Check Point HARMONY R81 - Temporary Pre-Boot Bypass

Check Point HARMONY R81
451 pages
Authentication before the Operating System Loads (Pre-boot)
R81 Harmony Endpoint Server Administration Guide|192
If you choose Do not authenticate user before OS loads (Not recommended), the user
experience is simpler, but it is less secure. Users log in to Windows only, and the options in
the Integrate with OS login part of the action properties become available. To reduce security
issues, configure settings in Require Pre-boot if one or more of these conditions are met:
- Single Sign-On (SSO) together with Pre-boot Authentication.
- Pre-boot with Bypass Pre-boot when connected to LAN.
- Display Last Logged on User in Pre-boot - The username of the last logged on user
  shows in the Pre-boot logon window. That user only needs to enter a password or Smart
  Card PIN to log in.
- Use TPM for Pre-boot integrity - This uses the TPM security chip to measure Pre-boot
  components. If they are not tampered with, the TPM allows the system to boot. See
  sk102009 for more details.
  Note: The software-based hardware hash is disabled when TPM is configured.
  You can also use TPM in addition to Pre-boot authentication for two-factor
  authentication.
Temporary Pre-boot Bypass
Temporary Pre-boot Bypass lets the administrator disable Pre-boot protection temporarily, for
example, for maintenance. It was previously called Wake on LAN (WOL).
You enable and disable Temporary Pre-boot Bypass for a computer, group, or OU from the
computer or group object. The Pre-boot settings in the Full Disk Encryption policy set how
Temporary Pre-boot Bypass behaves when you enable it for a computer.
Temporary Pre-boot Bypass reduces security. Therefore use it only when necessary and for
the amount of time that is necessary. The settings in the Full Disk Encryption policy set when
the Temporary Pre-boot Bypass turns off automatically and Pre-boot protection is enabled
again.
There are different types of policy configuration for Temporary Pre-boot Bypass:
- Temporary Pre-boot Bypass
- Temporary Pre-boot Bypass from a script
- Temporary Pre-boot Bypass when connected to LAN
To temporarily disable Pre-boot on a computer:
1. In the Computer Details or Node Details window, select Security Blades > Full Disk
Encryption. Or, right-click a node and select Full Disk Encryption > Disable Pre-boot
Protection.
