Advanced Pre-boot Settings
| Action | Description |
|---|---|
| Display last logged on user in Pre-boot |
The username of the last logged on user shows in the Pre-boot logon window. That user only needs to enter a password or Smart Card pin to log in |
| Reboot after [x] failed logon attempts were made |
|
| Verification text for a successful logon will be displayed for |
Select to notify the user that the logon was successful, halting the boot-up process of the computer for the number of seconds that you specify in the Seconds field. |
| Enable USB devices in Pre-boot environment |
Select to use a device that connects to a USB port. If you use a USB Smart Card you must have this enabled. If you do not use USB Smart Cards, you might need this enabled to use a mouse and keyboard during Pre-boot. |
| Enable TPM two-factor authentication (password & dynamic tokens) |
Select to use the TPM security chip available on many PCs during pre-boot in conjunction with password authentication or Dynamic Token authentication. The TPM measures Pre-boot components and combines this with the configured authentication method to decrypt the disks. If Pre-boot components are not tampered with, the TPM lets the system boot. See sk102009 for more details. |
| Firmware update friendly TPM measurements |
Disables TPM measurements on Firmware/BIOS level components. This makes updates of these components easier but reduces the security gained by the TPM measurements because not all components used in the boot sequence are measured. If this setting is enabled on UEFI computers, the Secure Boot setting is included in the measurement instead of the firmware. |
| Enable remote help without pre-boot user |
Select to enable remote help without the need of assigning any Pre-boot user to the computer. When giving remote help, select the Pre-Boot Bypass Remote Help type that performs a One-Time logon. The setting is only available if Pre-boot is configured to be disabled. |
| Remote Help |
Users can use Remote Help to get access to their Full Disk Encryption protected computers if they are locked out. Here you configure the number of characters in the Remote Help response that users must enter. |