ESET Online Help

Select the category
Select the topic

Full Disk Encrypt a client workstation using OPAL



Using OPAL Hardware Encryption entrusts the security to the disk hardware vendor. ESET cannot verify or be liable for the strength of security in third-party devices and advise checking whether the disk in use has any known security vulnerabilities.

This article only applies to managed environments using an ESET Endpoint Encryption (EEE) Server and client workstations with a supported OPAL disk.


Verify your system meets the requirements for OPAL Encryption.

Enable OPAL on the EEE Server

OPAL encryption must be enabled per organization.

1.Log in to your EEE Server Control Panel.

2.Click Organisation > Settings > Full Disk Encryption Settings.

3.Select the Enable OPAL Hardware Encryption for supported drives check box.


Send an OPAL encrypt command to a workstation

To issue a Full Disk Encryption (FDE) command to a workstation:

1.Double-click the appropriate user.

2.To view all the workstations associated to a user and the FDE status of each workstation, click Workstation.

3.Select the appropriate workstation and click Full Disk Encryption.

4.If you do not want to see the initial FDE wizard window in the future, select Don't show this page again and click Next.

5.When the compatibility check completes successfully, click Next.

6.Select the appropriate security mode and click Next. You can use OPAL with or without TPM encryption. If you are unsure about the different security methods, refer to the ESET Endpoint Encryption Trusted Platform Module (TPM) FAQ.


7.Set the FDE login credentials (Username, Password) for the user, or select Single Sign-On, and then click Next. For more information, refer to Using Single Sign-on (SSO) in ESET Endpoint Encryption Server.

8.Suppose it is the first time you send an FDE command from the EEE Server. In that case, you must set a secure FDE Administrator username and password, different from the EEE Server Admin login credentials. Click Next to continue.


9.Select to encrypt the whole disk or just a disk partition. To use OPAL encryption mode, click Change.

10.With OPAL encryption, Safe Start is mandatory to start the encryption process. Click Use OPAL, and then click OK.

11.To send the FDE command to the target workstation, click Start.

During the encryption process, the workstation icon is orange, and the FDE Status is Start FDE Pending. To process the FDE command by workstation, you can wait for the background check period to elapse (by default this is every 60 minutes), or synchronize the client manually. When the FDE command processes successfully, the client machine restarts the system to perform Safe Start. Encryption takes place if Safe Start is successful.


See also detailed information about PSID revert on OPAL disk.