You can set these Pre-boot Environment Permissions in the properties of the Pre-boot Protection action in a Full Disk Encryption policy rule. The hardware related setting are only for systems with BIOS firmware and do not affect systems with UEFI.
Note - These permissions are also in the Pre-boot Customization Menu on client computers. To open the Pre-boot Customization Menu:
|
|||
---|---|---|---|
Permission |
Notes |
||
Enable USB device in Pre-boot environment |
Select to use a device that connects to a USB port. If you use a USB Smart Card you must have this enabled. If you do not use USB Smart Cards, you might need this enabled to use a mouse and keyboard during Pre-boot.
|
||
Enable PCMCIA |
Enables the PCMCIA Smart Card reader. If you use Smart Cards that require this, make sure it is enabled. |
||
Enable mouse in Pre-boot environment |
Lets you use a mouse in the Pre-boot environment. |
||
Allow low graphics mode in Pre-boot environment |
Select to display the Pre-boot environment in low-graphics mode. |
||
Maximum number of failed logons allowed before reboot |
|
||
Verification text for a successful logon will be displayed for |
Select to notify the user that the logon has been successful, halting the boot-up process of the computer for the number of seconds that you specify in the Seconds field. |
||
Allow hibernation and crash dumps |
Select to allow the client to be put into hibernation and to write memory dumps. This enables Full Disk Encryption protection when the computer is in hibernation mode. Note: hibernation must be enabled in Windows for this option to apply. All volumes marked for encryption must be encrypted before Full Disk Encryption permits the computer to hibernate. |
||
Enable Remote Help |
Select to let users use Remote Help to get users access to their Full Disk Encryption protected computers if they are locked out. |