Managing Authorized Pre-boot Users and Nodes

Creating Pre-boot Users

Pre-boot users can be within a node or not assigned to a node.

To create a new online Pre-boot user:

  1. In the Users and Computers tab, right-click an OU under Directories or Other Users/Computers.
  2. Select User Authentication (OneCheck) > Authorize Pre-boot Users.
  3. Click New.

    The Add new Pre-boot user window opens.

  4. Enter a Logon Name.
  5. In the Authentication credentials area, select Password or Dynamic Token.
    • A password must contain at least five characters.
    • If you select a token as the authentication method, make sure you select an existing token.
  6. To set more granular account controls, open Account Details.
    • Do not use device information for Full Disk Encryption remote help - Enables user-bound remote help for the Pre-boot user.
    • Lock user for preboot - Locks the user for Pre-boot.
    • Require change password after first logon - Applies only to password authentication. Select this option to force users to change their password after the first Pre-boot logon.
  7. To set an account expiration date, open the Expiration Settings.
    1. Select the option The user will be revoked after.
    2. Select a date.

    Note - The default expiration setting is: Never

To unlink a Windows user from the logged on Pre-boot account:

  1. From an Endpoint Security client, open the client Overview and click on the Full Disk Encryption Blade icon.
  2. Click Unlink.
  3. Enter the password of the logged on Pre-boot account.
  4. Click Unlink.

    A new link is created with a different Windows account at the next Windows log in.

AD Groups for Pre-boot Authentication

You can add Active Directory users and groups to devices, OUs, or groups for Pre-boot authentication. In SmartEndpoint, groups have the option Authorize Pre-boot nodes in addition to Authorize Pre-boot users.

After you add a group to a device, group, or OU, users in the group are directly assigned to the entity and do not need to go through user acquisition. If you add more users to the group after it was assigned to an entity, the new users are also directly assigned automatically.

The maximum number of users in a group that can be assigned to a device, group, or OU for Pre-boot is 250.

To add a group or user to a device and see authorized users:

  1. In the Users and Computers tab of SmartEndpoint, right-click a group or user. Select OneCheck User Settings > Authorize Pre-boot users.

    The Authorized Pre-boot users window opens. From here you can:

    • See all users that are already assigned. The total number of users is shown in the bottom left corner.
    • Add and Remove users.
    • Search the results.
    • Click Show all users to toggle between showing all individual users in the group and showing included groups.
  2. Click Add to add new users or groups.
  3. Select a device, OU, or group.
  4. Click OK.
  5. If a user does not have configured credentials, a User Logon Pre-boot Settings window opens. Configure credentials in the window and click OK. You can configure any supported authentication method for the user in this window.

    You can add groups that contain users without configured credentials to a device, OU, or group, but the individual users without credentials are not assigned to the device. If credentials are configured for them, they will be assigned automatically based on the order in which they were added.

    If you try to add an entity that will bring the total number of users over 250, the operation is blocked.