Smart Pre-Boot

With Smart Pre-boot Authentication before the Operating System loads., you can allow end-users to unlock their devices that have been locked due to forgotten passwords or multiple failed log in attempts.

• Easy Unlock - End user requests an unlock and the administrator must approve the request in the Harmony Endpoint Administrator Portal.

• Self Unlock - End user can unlock the device using a QR code, without requiring the administrator's approval.

To enable Smart Pre-boot:

1. Access the Harmony Endpoint Administrator Portal and click Policy.

2. Go to Data Protection > General.

3. Select a rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session..

4. Click the Full Disk Encryption tab.

5. From the Windows list, select Check Point encryption.

   

6. From the Enable Pre-boot list, select Smart.

7. Click Save & Install.

Now, that the Smart Pre-boot is enabled, Easy Unlock is enabled automatically. If required, you can configure the Harmony Endpoint Administrator Portal to allow end-users to use Self Unlock and Passwordless Pre-boot authentication.

Easy Unlock

Easy Unlock allows administrators to Accept or Reject a One-Time Logon request or a Password Change request from a user.

Easy Unlock is enabled automatically when Smart Pre-boot is enabled.

This feature is supported:

• Only with Endpoint Security client for Windows version 86.50 and later.

• Only if the Check Point encryption is used for Full Disk Encryption.

When a end-user requests for unlock, the icon appears for the device in Computers page under Asset Management.

To respond to the request:

1. Go to Asset Management > Organization.

2. Click Computers.

   You can view the icon in the Status column.

   

3. Click the icon.

   The Respond to Request dialog box appears.

   

4. Click Accept or Reject.

Self Unlock

Self Unlock allows users to unlock their computers by scanning a QR code using their mobile device, without administrator intervention.

It is supported only with Endpoint Security client for Windows version 86.60 and later.

To enable Self-Unlock for Full Disk Encryption:

1. Go to the Policy > Data Protection > General .

2. Select a rule.

3. Click the Full Disk Encryption tab.

4. Click Advanced Settings.

5. Click Remote Help.

   

6. Select the Enable Self-Unlock checkbox.

7. Click OK.

8. Click Save & Install.