ESET Online Help

Search English
Select the topic

Deploy an installer with a pre-defined password

When you deploy ESET Full Disk Encryption, you can set installation parameters to include a password to start encryption and a keyboard map. You can use installation parameters when you want to deploy a system with a pre-defined password so that an MSP or Administrator can set up a new computer, deploy ESET Full Disk Encryption and automatically encrypt the system when an encryption policy is set.



STARTUPPASSWORD and STARTUPPASSWORDKLID parameters must be included in ESET Full Disk Encryption installation

ESET Full Disk Encryption 1.3.0.x version

ESET Full Disk Encryption installation must be activated

The system must be connected to ESET PROTECT On-Prem console via the ESET Management Agent

1.In ESET PROTECT On-Prem console, click Computers.

2.Click the computer and click Tasks > New Task.

3.Type the task name (for example, EFDE Automatic Encryption Installation) and select Software Install from Task drop-down menu.

4.Click Continue.

5.Click <Choose package> and select the installation package from the repository.

6.Into Installation parameters, type STARTUPPASSWORD and STARTUPPASSWORDKLID.


STARTUPPASSWORD sets the initial FDE password. For example, if the parameter is STARTUPPASSWORD=12345, the password for encryption will be 12345.

STARTUPPASSWORDKLID sets the keyboard layout. For example, if the parameter is STARTUPPASSWORDKLID=00000409, an English US keyboard will be installed on the system. The parameter uses keyboard KLIDs to identify and add the right keyboard to the system. See the list of keyboard layouts.

These parameters must be used simultaneously to start encryption automatically when an encryption policy is applied to the system.

7.If required, select Automatically reboot when needed. The automatic reboot is not needed, although ESET Full Disk Encryption needs a restart to install. No encryption will take place without a restart.


8.When ESET Full Disk Encryption is installed, you must activate the product to start the encryption process. You must create an encryption policy and apply it to the device to start encryption in the mode that meets client needs.

After completing all the above steps, the device prompts the user to start Safe Start. When Safe Start completes successfully, the device will start the encryption process without the user having to type a password.

If the client reboots the device, they must use the password they typed in the installation parameter STARTUPPASSWORD.


The ESET PROTECT On-Prem Administrator can send the Invalidate FDE Login Password task when the user receives the device; this way, the user is forced to create their password.