Temporary Pre-boot Bypass

Temporary Pre-boot Bypass lets the administrator disable Pre-boot protection temporarily, for example, for maintenance. It was previously called Wake on LAN (WOL).

You enable and disable Temporary Pre-boot Bypass for a computer, group, or OU from the computer or group object. The Pre-boot settings in the Full Disk Encryption policy set how Temporary Pre-boot Bypass behaves when you enable it for a computer.

Temporary Pre-boot Bypass reduces security. Therefore, use it only when necessary and only for as long as necessary. The settings in the Full Disk Encryption policy set when Temporary Pre-boot Bypass turns off automatically and Pre-boot protection is enabled again.

To temporarily disable Pre-boot on a computer:

  1. In the Computer Details or Node Details window, select Security Blades > Full Disk Encryption. Or, right-click a node and select Full Disk Encryption > Disable Pre-boot Protection.
  2. Click Temporarily Disable Pre-boot.
  3. Click Yes.

The Pre-boot is enabled again when you click Revert to Policy Configuration or when the criteria in the Temporary Pre-boot Bypass settings are met.

To configure Temporary Pre-boot Bypass settings:

  1. In a Full Disk Encryption rule in the Policy, right-click the Authenticate before OS loads Pre-boot Action and select Edit Shared Action.
  2. Click Temporary Pre-boot Bypass (Wake on LAN) settings.
  3. Configure these options:

    | Option | Description |
    |---|---|
    | Enable Temporary Pre-boot Bypass when necessary. The Endpoint will disable Temporary Pre-boot Bypass after (number of days) | You must enable Temporary Pre-boot Bypass for specified users or computers when necessary from Users and Computers > Full Disk Encryption. Enter the number of days for which Temporary Pre-boot Bypass functionality is enabled. After the number of days expires, Temporary Pre-boot Bypass is disabled on the client and the Pre-boot environment shows. Select a small number so that you do not lower the security by disabling the Pre-boot for a long time. |
    | Enable Temporary Pre-boot Bypass from a script | Temporary Pre-boot Bypass is enabled on a specified computer with a script. Select the Script can be started after date and time and the Script must end by date and time. The script can only run during this time. This is supported in E80.51 clients and higher on R77.20 and higher management. |
    | The Endpoint will disable Temporary Pre-boot Bypass after (number of automatic logons) | Enter the number of times the Temporary Pre-boot Bypass functionality can be used. After the number of logons expires, Temporary Pre-boot Bypass is disabled on the client and the Pre-boot environment shows. |
    | Automatic logon starts after (number of minutes) | Enter the time delay in minutes. After the delay expires, Temporary Pre-boot Bypass logs the user into the Windows environment. During the delay, the Pre-boot Login window shows. The user can manually log in to the Windows environment. |
    | Allow OS Logon | Lets the user log in to the OS after the Temporary Pre-boot Bypass logon. |

    Note - If the mouse is moved or a key is pushed on the keyboard in the Pre-boot environment, the Temporary Pre-boot Bypass functionality is disabled.

Temporary Pre-boot Bypass from a Script

If you run scripts to do unattended maintenance or installations (for example, SCCM), you might want the script to reboot the system and let the script continue after reboot. This requires the script to turn off Pre-boot when the computer is rebooted. Enable this feature in the Temporary Pre-boot Bypass Settings window.

This is supported in E80.51 clients and higher on R77.20 and higher management.

To enable Temporary Pre-boot Bypass from a script:

  1. From a Full Disk Encryption policy rule, double-click the Authenticate users before OS action and click Temporary Pre-boot Bypass (Wake on LAN) settings.
  2. Select Enable Temporary Pre-boot Bypass from a script.
  3. Select the Script can be started after date and time and the Script must end by date and time.

    The Temporary Pre-boot Bypass script can only run during the configured timeframe.

Running a Temporary Pre-boot Bypass script

In a script you execute the FdeControl.exe utility to enable or disable Pre-boot at the next restart:

The above commands will fail with code 13 (UNAUTHORIZED) if executed outside the timeframe specified in the policy.
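
One way to wrap the FdeControl.exe call in a maintenance script so that it fails closed, as an added example (not Check Point's code): it checks the timeframe locally, runs the utility, and signals the caller to reboot only when the call succeeded. The install path, the command argument, the window dates and the success code 0 are assumptions or placeholders; only exit code 13 comes from this page.

```powershell
# Added example, not vendor code. Lines marked ASSUMPTION are placeholders to replace.
param(
    [string]   $FdeControl  = 'C:\PATH\TO\FdeControl.exe',    # ASSUMPTION: client install path
    [string[]] $EnableArgs  = @('<ENABLE-BYPASS-ARGUMENT>'),  # ASSUMPTION: argument not shown on this page
    [datetime] $WindowStart = '2024-01-10T22:00:00',          # constructed: "Script can be started after"
    [datetime] $WindowEnd   = '2024-01-11T02:00:00'           # constructed: "Script must end by"
)

$Unauthorized = 13   # from the page: returned outside the policy timeframe
$Success      = 0    # ASSUMPTION: conventional success exit code

function Test-InBypassWindow {
    param([datetime]$Now, [datetime]$Start, [datetime]$End)
    ($Now -ge $Start) -and ($Now -lt $End)
}

# Fail closed before touching the client: no utility, or outside the window, means no reboot.
if (-not (Test-Path -LiteralPath $FdeControl -PathType Leaf)) {
    Write-Warning "FdeControl.exe not found at '$FdeControl'; not rebooting."
    exit 2
}
if (-not (Test-InBypassWindow -Now (Get-Date) -Start $WindowStart -End $WindowEnd)) {
    Write-Warning "Outside the configured bypass timeframe; not rebooting."
    exit $Unauthorized
}

& $FdeControl @EnableArgs | Out-Null
$code = $LASTEXITCODE
if ($null -eq $code) { $code = 1 }   # treat a missing exit code as failure

if ($code -eq $Success) {
    Write-Output "Pre-boot bypass set for the next restart; the caller may reboot now."
    exit 0
}
elseif ($code -eq $Unauthorized) {
    # The policy on the client is authoritative even if the local check passed.
    Write-Warning "FdeControl.exe returned 13 (UNAUTHORIZED); policy timeframe not active. Not rebooting."
}
else {
    Write-Warning "FdeControl.exe returned unexpected code $code. Not rebooting."
}
exit $code
```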