Heterz 0 Posted March 2, 2023 Share Posted March 2, 2023 Hello, I would like to implement EFD in our structure, but I have the instruction not to have a password at startup. I saw in the policies that you can disable Power-on Authentication. it works well but on the ESET Protect portal, the computers turn red and there is a notification on the workstation. Is there a way to make authentication disabled at startup normal? Thanks in advance Link to comment Share on other sites More sharing options...
ESET Staff AAndrejko 9 Posted March 2, 2023 ESET Staff Share Posted March 2, 2023 Hello, Toggling authentication within the ESET Full Disk Encryption is way to disable authentication from viewing on start-up at all. However, I would like to stress that since there's no user login prompt when authentication is disabled, the system is not protected from threats via our authentication pre-boot process and data will be accessible once Windows loads, the only authentication stopping anyone getting into the systems desktop at this point is Windows login. I would also like to note that disabling authentication via policy or via a task in ESET Full Disk Encryption was not designed to be disabled permanently. The function is merely there to aid users and administrators when reboots are needed with minimal user interaction, such as when Windows is performing updates. It can also aid when travelling abroad. If you would still like to disable the pre-boot authentication screen, I would like to turn your attention to one of our other encryption products, ESET Endpoint Encryption. In Endpoint Encryption there is an encryption mode called TPM No Extra Authentication, this uses the TPM to validate the boot process and then the Windows login screen is shown to the user if the TPM is present and intact. Although it's still good practice to ensure the users password is an adequate length and complexity and ensure Windows is up to date. You can see more information about it here - https://help.eset.com/eee_server/3/en-US/what_is_a_trusted_platform_module.html Kind regards, Ashley Link to comment Share on other sites More sharing options...
Heterz 0 Posted March 2, 2023 Author Share Posted March 2, 2023 Hello @AAndrejko, Thank you for your reply. I understand that the solution is not made so that authentication is permanently disabled. Eset endpoint encryption may be better to use than one would need. Namely, we have a strong protection for Windows boot with an AD and a password reinforcement solution via Passphrase and verification if the password is not corrupted elsewhere. However, I would like to know if we can manage Eset endpoint encryption on a platform like eset protect? We need to manage encryption remotely as we have multiple agencies all over the country/world. Kind regards Link to comment Share on other sites More sharing options...
ESET Staff Solution AAndrejko 9 Posted March 2, 2023 ESET Staff Solution Share Posted March 2, 2023 Hi @Heterz In the case of removing FDE authentication and your protections with AD I would definitely recommend Endpoint Encryption as the solution in this case. Endpoint Encryption cannot be managed via ESET Protect, however it has it's own server to manage the Endpoints with a dedicated web interface. The EEE product has a lot more policies, customization options and features compared to EFDE so Protect wouldn't be suitable. You can view more information about it here - https://help.eset.com/eee_server/3/en-US/index.html As for managing encryption remotely EEE definitely has you covered. When EEE is used in managed mode (Paired with an EEE server) it uses what's known as our proxy server. The proxy server acts as a cloud which can send and receive commands from the server and client devices, this means any client that has an internet connection can sync with the Encryption Server. I'm very much paraphrasing what the Proxy Server and EEE server can do at this point due to this just being a forum post. The EEE product also has a lot more features like file & folder encryption, outlook integration, so much more. I would definitely recommend you get in touch with your local sales office, they should be able to give you more information in terms of how the product works, and possibly run through a demo with you to see how it works in your environment. Kind regards, Ashley Link to comment Share on other sites More sharing options...
Heterz 0 Posted March 2, 2023 Author Share Posted March 2, 2023 Great ! Thank you very much for your information that you provided to me. I will actually check with our local sales office to get all the details of the solution. Thanking you have a great day Link to comment Share on other sites More sharing options...
Recommended Posts