If the Pre-boot is required on a computer as part of Full Disk Encryption, users must authenticate to their computers in the Pre-boot, before the computer boots. Users can authenticate to the Pre-boot with these methods:
The password can be the same as the Windows password or created by the user or administrator.
Users must have a physical card, an associated certificate, and Smart Card drivers installed.
Configure the global settings for the Pre-boot authentication method from the OneCheck User Settings Actions.
Configure the global settings for the Pre-boot authentication method from the OneCheck User Settings policy rule. The settings configured here apply to all users. You can override the global settings for specified users.
Select an Action to define the default Pre-boot authentication method:
Action |
Description |
---|---|
Authenticate users with Password |
Users can only authenticate with a username and password. |
Authenticate users using Smart Card or Password |
Users can authenticate with either username and password or Smart Card. |
The password settings are taken from the OneCheck User Settings rules that are assigned to the user.
Right-click an Action and select Edit to configure more settings if you select to use Smart Card authentication.
Important - Before you configure Smart Card authentication only as the default, make sure that you understand the requirements. See Before You Configure Smart Card Authentication. All requirements must be set up correctly for users to successfully authenticate with Smart Cards. |
To configure Smart Card only or for Smart Card or Password as the default:
This lets users authenticate with a password until all of the requirements for Smart Card authentication are set up correctly. After users successfully authenticate one time with a Smart Card, they must use their Smart Card to authenticate. If you configure a user for Smart Card only and do not select this, that user is not able to authenticate to Full Disk Encryption with a password.
Select one or more Smart Card drivers.
If you do not see a driver required for your Smart Card, you can:
If necessary, use the Pre-boot Reporting reports to troubleshoot issues with drivers or user certificates.
By default, users get the Pre-boot authentication method from the global Pre-boot Authentication Settings. You can assign custom authentication settings to users on the User Details page. You can also assign a user password and manually add user certificates on this page.
On E80.60 and higher Endpoint Security Management Servers and E80.60 and higher clients, you can assign Dynamic Token as a user's authentication method.
To change a user Pre-boot authentication method:
This lets users authenticate with a password until all of the requirements for Smart Card authentication are set up correctly. After users successfully authenticate one time with a Smart Card, they must use their Smart Card to authenticate. If you configure a user for Smart Card only and do not select this, that user is not able to authenticate to Full Disk Encryption with a password.
Select one or more Smart Card drivers.