Temporary Pre-boot Bypass Settings
Temporary Pre-boot Bypass lets the administrator disable Pre-boot protection temporarily, for example, for maintenance. It was previously called Wake on LAN (WOL). You enable and disable Temporary Pre-boot Bypass for a computer, group, or OU from the computer or group object. The Pre-boot settings in the Full Disk Encryption policy determine how Temporary Pre-boot Bypass behaves when you enable it for a computer.
Temporary Pre-boot Bypass reduces security. Therefore, use it only when necessary and only for as long as necessary. The settings in the Full Disk Encryption policy determine when Temporary Pre-boot Bypass turns off automatically and Pre-boot protection is enabled again.
You can configure the number of minutes the Pre-boot login is displayed before automatic OS logon.
There are different types of policy configuration for Temporary Pre-boot Bypass:
- Allow OS login after temporary bypass
- Allow bypass script
If you run scripts to do unattended maintenance or installations (for example, SCCM), you might want the script to reboot the system and let the script continue after reboot. This requires the script to turn off Pre-boot when the computer is rebooted. Enable this feature in the Temporary Pre-boot Bypass Settings window. The Temporary Pre-boot Bypass script can only run during the timeframe configured in Temporary Pre-boot Bypass Settings.
Running a temporary bypass script:
In a script, you execute the FdeControl.exe utility to enable or disable Pre-boot at the next restart:
- To disable Temporary Pre-boot Bypass, run:
  FDEControl.exe set-wol-off
- To enable Temporary Pre-boot Bypass, run:
  FDEControl.exe set-wol-on
The above commands fail with code "13 ( UNAUTHORIZED )" if executed outside the timeframe specified in the policy.
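The following two-phase maintenance wrapper is an added example, not vendor code: it enables the bypass only if the policy accepts the request, and turns it off again as the last maintenance step so Pre-boot protection is not left disabled. It assumes that the codes quoted above are returned as the process exit code and that 0 means success; the utility path and the audit log location are placeholders.

```powershell
# Added example: two-phase wrapper around the FDEControl.exe commands above.
# Assumptions: the code quoted on the page (13) is the process exit code,
# and exit code 0 means success.
param(
    [Parameter(Mandatory)]
    [ValidateSet('Begin', 'End')]
    [string]$Phase,

    # Placeholder: set to the real location of the utility on your clients.
    [string]$FdeControl = 'C:\PLACEHOLDER\FDEControl.exe',

    # Hypothetical audit log so bypass windows can be reviewed later.
    [string]$AuditLog = "$env:ProgramData\Maintenance\preboot-bypass.log"
)

$ErrorActionPreference = 'Stop'

function Write-Audit([string]$Message) {
    $dir = Split-Path -Parent $AuditLog
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    $line = '{0:o} {1} {2}' -f (Get-Date), $env:COMPUTERNAME, $Message
    Add-Content -Path $AuditLog -Value $line
}

function Invoke-FdeControl([string]$Command) {
    & $FdeControl $Command
    $code = $LASTEXITCODE
    Write-Audit "$Command exit=$code"
    if ($code -eq 13) {
        # Outside the timeframe set in the policy: stop, do not reboot.
        throw "$Command refused: 13 (UNAUTHORIZED), outside the policy timeframe."
    }
    if ($code -ne 0) { throw "$Command failed with exit code $code." }
}

switch ($Phase) {
    'Begin' {
        # Enable bypass first; reboot only if the policy accepted the request.
        Invoke-FdeControl 'set-wol-on'
        Restart-Computer -Force
    }
    'End' {
        # Last maintenance step: restore Pre-boot before the next restart.
        Invoke-FdeControl 'set-wol-off'
    }
}
```

Run it with -Phase Begin before the reboot and with -Phase End as the final step of the task that resumes after the reboot.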
You can select the Temporary Pre-boot Bypass duration:
- On demand, Once, or Weekly
- Disable after X automatic logins - Bypass turns off after the configured number of logins to a computer.
- Disable after X days or hours - Bypass turns off after the configured days or hours have passed.
If you select both Disable after X automatic logins and Disable after X days or hours, bypass turns off as soon as either condition is met.
Select a small number so that you do not lower security by leaving Pre-boot disabled for a long time.