After a package that includes Full Disk Encryption is successfully installed on a client, many requirements must be met before the Full Disk Encryption policy can be enforced. Before these requirements are met, the Pre-boot does not open. The period of time between the installation and when the policy can be enforced is called the Full Disk Encryption Deployment Phase.
To move from Deployment phase to Full Disk Encryption policy enforcement, these requirements must be met:
If there is communication between the client and server and the client meets the Client requirements, all of the requirements are completed automatically. However, if these requirements are not met, Full Disk Encryption cannot protect the computer and the Pre-boot cannot open.
Note - Not all the Full Disk Encryption (FDE) requirements are shown here. For the complete FDE requirements, see the Release Notes for your Endpoint Security client version. |
Clients must have:
Note - During deployment of the Full Disk Encryption component on the client, the Full Disk Encryption service automatically defragments the volume to create the 32MB of continuous free space, and suspends the Windows hibernation feature while the disk is encrypted. |
Clients must not have:
Other Requirements:
Users will have to reboot their computers twice while Full Disk Encryption deploys. One time to make sure the Pre-boot is running before Full Disk Encryption encrypts the hard drive, and one time to validate the authentication credentials.
You will see the status of the Deployment phase in:
These are the statuses as shown in the Client Endpoint Security Main Page:
Component Name |
File Name |
Description |
---|---|---|
Full Disk Encryption service |
|
The Full Disk Encryption service contains the current configuration data and initiates background encryption or decryption. By exchanging volume boot records, the Full Disk Encryption service identifies volumes that are targeted for encryption. |
Crypto core |
|
The Crypto core contains the encryption algorithms. |
Filter driver |
|
The Full Disk Encryption driver for encryption. The File Allocation Table (FAT) provides the driver with the location of sectors where data is stored. Full Disk Encryption encrypts every byte of the selected disk. Background encryption starts from the first sector of the selected volume and moves in sequence to the last sector. The entire operating system is encrypted. |