ESET Online Help

Search English
Select the topic

Encryption management

Management of encrypted workstations consists of pre-boot log in management.

You can access these options from Computer Details -> Overview -> Encryption tile -> Manage:

Or execute the efde_policy_winmaintenance mode tasks and policy options.


All EFDE tasks are executed only after the ESET Management Agent receives the task during the agent replication process (usually next time the agent connects to the management server after the task is executed). The computer requires to be booted into the windows for the agent to receive the information about the task. The pre-boot login screen is not sufficient enough state for the agent to execute these tasks.

efde_policy_winInvalidate FDE login password - This task immediately invalidates the current login password and prompts users to change their login password in the EFDE client´s main program window. If the user does not change their password in the EFDE client´s main program window and shuts down the device, users are prompted to change the password on the pre-boot login screen the next time the device is booted.

efde_policy_winGenerate new FDE recovery password - This task immediately invalidates the current login password and generates a new one that the administrator can provide to the user.

efde_policy_win efde_policy_macosRestore Access

oefde_policy_win efde_policy_macosRecovery password - generates the user's recovery password to set up a new login password.

oefde_policy_win efde_policy_macosRecovery data - generates the decryption file required for encryption recovery.

efde_policy_winBlock Access

oefde_policy_winBlock FDE login password - This task forces the user to require a recovery password to boot the machine. The Recovery password is required to set a new pre-boot login password for the user to log in on the device. The user cannot change their login password (even if this is enabled by EFDE configuration policy) at the pre-boot login screen at this state.

oefde_policy_winWipe FDE login password - This task initializes BSOD the device immediately after the execution on the device. The FDE login is wiped on the device, and the user is blocked from any login attempt. User login, password change, and password recovery are disabled in this state. The only option is encryption recovery with an encryption recovery drive.