ESET Online Help


Full Disk Encryption

With an activated user and workstation displayed in the ESET Endpoint Encryption Server (EEE Server), the administrator can remotely initiate full disk encryption (FDE) on that machine.

You can do this in one of two ways.

1. Select the workstation to encrypt.

Method no. 1:

a. Select the Workstations tab.

b. Highlight the workstation intended for FDE.

c. Click Details (or double-click the workstation).

d. Click Full Disk Encryption.

Method no. 2:

a. Select the Users tab.

b. Highlight the user whose workstation is to be encrypted.

c. Click Details (or double-click the user).

d. In the user's detail sub-window, select the Workstation tab, then the user.

e. Click Full Disk Encryption.

2. The Full Disk Encryption wizard will be shown.

3. Compatibility Checks—This checks the workstation information for any known incompatibilities.

4. Select User—If the Encrypt Wizard was started from a Workstation card, without a user context, you must select the user in this wizard. If you start the wizard from the User card, this page is skipped as the user choice is implicit.

5. Define FDE Login Details.

o Username—this does not have to be the username as shown; it can be a generic name of your choice for the workstation.

o Password—either define a password or use the system-generated one.

o Password attempts—define the number of password retries permitted.

o Recovery password uses—define the number of times a single recovery password can be used.

o Email FDE Login details—select whether to send the user their FDE login details by email.

o Single Sign-On (SSO)

User must confirm password—the user must provide a valid password (as defined by the administrator) before encryption commences. If this option is selected, the number of system starts permitted without initiating full disk encryption must be defined. When that number is exceeded, the encryption process will commence.

User can choose password—users can define their own password before the process starts.

User can change password—allows the user to change their FDE password.

o If you opt to change Administrator FDE Details - Admin Login:

Administrator Username—type the admin name for the workstation.

Administrator Password—this is not the ESET Endpoint Encryption Server administrator login password. It is unique to the full disk encryption process and is controlled by password policy settings, so it may require the use of upper and/or lower case letters, numbers and a minimum password length.

Password attempts (if selected by check box)—type the number of admin password retries permitted before the workstation is locked.

6. If the workstation has reported sufficient data to allow a disk selection, select disk partitions to encrypt.

7. When all options have been selected, a summary will be shown. Click Encrypt and the EEE Server will start the process on the workstation.

The workstation user will see the following messages (dependent on the options selected).

If you have selected to carry out the pre-boot and the client workstation has received the FDE command via a synchronisation, the user will be shown a dialog to carry out a short reboot.

The workstation will then reboot and show the 'Safe Start' countdown screen. This can be allowed to complete, after which the user is returned to the Windows logon page, or the user can press any key to continue to Windows.

If Safe Start returns a 'failed' message, contact our support site and attach the zip file that is created from the ESET Endpoint Encryption Diagnostic Tool to a support ticket.

Based on which FDE Login Details have been specified by the administrator, the following dialogs will be presented to the user:

If User must confirm password was selected, the user will see a dialog before encryption starts. If this box was not checked, the encryption will start without warning. Note that in this example the user is allowed 5 system restarts before encryption will be forced on their machine.

If User can choose initial password was selected, the user will see the normal password definition window. As before, password policy is enforced and the hover clue is available.

When the password has been correctly entered twice, the full disk encryption process will commence and a status window will be shown.

The user's machine can be used as normal during the encryption process and can be powered off if required, with encryption continuing from the point it had reached when the machine is next used.

Note: Disk encryption will not restart immediately when the machine is switched on; a period of five minutes is set for all system processes to stabilize before encryption is resumed.

The EEE Server will also show the encryption status, although it is only updated when the workstation and EEE Server are periodically synced.

When the encryption process is completed, the machine will be restarted and the user will see a login screen during initial boot up. To start the machine normally, select option 1 (the mouse will not work; the user has to use the keyboard arrows or select a number) and press Return. The user then needs to type their username and password. The system will then start.

For more information see Start Full Disk Encryption (standalone) or Start Full Disk Encryption (managed).