Full Disk Encryption policy settings enable user acquisition by default. If user acquisition is disabled, the administrator must assign at least one Pre-boot user account to each client computer before encryption can start.
If user acquisition is enabled, users are prompted to log out and log in again so their accounts can be acquired for Pre-boot authorization. You can require one or more users to be acquired before encryption can start.
You can also configure clients to continue user acquisition after Pre-boot is already enabled. This might be useful if a client computer is used by many users, also called roaming profiles.
Action |
Description |
---|---|
Automatically learn and authorize logged in users |
Before hard disk encryption, automatically register users that access their local computers and authorize them to access their computers after encryption. Note - It is always possible to manually authorize users to access encrypted computers |
Manually authorize users to access encrypted computers |
Administrators must manually authorize users to their computers after encryption. |
Double-click an action to edit the properties.
Usually a computer has one user and only one user must be acquired. If the computer has multiple users, it is best if they all log on to the computer for Full Disk Encryption to collect their information and acquire them.
Before you enable Automatically learn and authorize logged in users, make sure clients can get device and user policies from the server.
To configure settings for Automatically learn and authorize logged in users:
If you enter 3, encryption does not start until three users log on to the computer.
This setting limits the number of days when user acquisition is active for the client. If the limit expires and one user is acquired, Pre-boot is enforced and encryption can start. If no users are acquired, user acquisition continues.
Pre-boot becomes enforced on acquired users after one of the criteria are met.
Note - If you need to terminate the acquisition process, for example the client fails to acquire users even though an unlimited time period is set, define a new policy where automatic acquisition is disabled. |