Encryption management

Management of encrypted workstations consists of pre-boot login management.

You can access these options from Computer Details -> Overview -> Encryption tile -> Manage:

Important information

Each of these tasks (Invalidate FDE login, Block FDE login, Wipe FDE login) is executed only after the ESET Management Agent receives the task during the agent replication process (usually the next time the agent connects to the management server after the task is executed). The computer must be booted into Windows for the agent to receive the information about the task. The pre-boot login screen is not a sufficient state for the agent to execute these tasks.

Invalidate FDE login password - This task immediately invalidates the current login password and prompts the user to change their login password in the EFDE client GUI. If the user shuts down the device without changing the password in the EFDE client GUI, they will be prompted to change it on the pre-boot login screen the next time the device is booted.

Restore Access

• Recovery password - generates the recovery password that the user uses to set up a new login password.

• Recovery data - generates the decryption file required for encryption recovery.

Block Access

• Block FDE login password - This task disables the pre-boot login on the device after the device's next reboot. The Recovery password is required to set a new pre-boot login password before the user can log in on the device. In this state, the user cannot change their login password at the pre-boot login screen, even if this is enabled by the EFDE configuration policy.

• Wipe FDE login password - This task causes a BSOD on the device immediately after it is executed on the device. The FDE login is wiped on the device, and the user is blocked from any attempt to log in. User login, password change, and password recovery are disabled in this state. The only option is encryption recovery with an encryption recovery drive.