User Authorization before Encryption

Full Disk Encryption policy settings enable user acquisition by default. If user acquisition is disabled, the administrator must assign at least one Pre-boot user account to each client computer before encryption can start.

If user acquisition is enabled, users are prompted to log out and log in again so their accounts can be acquired for Pre-boot authorization. You can require one or more users to be acquired before encryption can start.

You can also configure clients to continue user acquisition after Pre-boot is already enabled. This might be useful if a client computer is used by many users, also called roaming profiles.

Action	Description
Automatically learn and authorize logged in users	Before hard disk encryption, automatically register users that access their local computers and authorize them to access their computers after encryption. Note - It is always possible to manually authorize users to access encrypted computers
Manually authorize users to access encrypted computers	Administrators must manually authorize users to their computers after encryption.

Action

Description

Automatically learn and authorize logged in users

Before hard disk encryption, automatically register users that access their local computers and authorize them to access their computers after encryption.

Note - It is always possible to manually authorize users to access encrypted computers

Manually authorize users to access encrypted computers

Administrators must manually authorize users to their computers after encryption.

Double-click an action to edit the properties.

Usually a computer has one user and only one user must be acquired. If the computer has multiple users, it is best if they all log on to the computer for Full Disk Encryption to collect their information and acquire them.

Before you enable Automatically learn and authorize logged in users, make sure clients can get device and user policies from the server.

To configure settings for Automatically learn and authorize logged in users:

Pre-boot enforcement will begin after - Endpoint Security can start to enforce Pre-boot for acquired users before user acquisition is completed. Select when this starts:
- The acquisition process has acquired x user(s) - Select how many users to acquire before Pre-boot becomes enforced on acquired users.
  If you enter 3, encryption does not start until three users log on to the computer.
- At least one user has been acquired after x day(s) - Select how long to wait before Pre-boot is enforced on acquired users.
  This setting limits the number of days when user acquisition is active for the client. If the limit expires and one user is acquired, Pre-boot is enforced and encryption can start. If no users are acquired, user acquisition continues.
  
  Pre-boot becomes enforced on acquired users after one of the criteria are met.
Continue to acquire users after Pre-boot has been enforced - Pre-boot is active for users who were acquired and user acquisition continues for those who were not acquired.
- User acquisition will stop after having acquired additional (x) user(s) - User acquisition continues until after the selected number of additional users are acquired.

Note - If you need to terminate the acquisition process, for example the client fails to acquire users even though an unlimited time period is set, define a new policy where automatic acquisition is disabled.