11.0 Overriding the PBA with an ERI File

A device’s emergency recovery information (ERI) file can be used to perform a PBA override on self-encrypting hard disks. This method does not apply to standard hard disks.

Rather than use the challenge-response methodology, a user can load the ERI file for his or her device (including the ERI password) to bypass the ZENworks PBA. The bypass can unlock the disk one time, so the PBA remains active, locks the disk the next time the device powers off, and enforces pre-boot authentication on the next start up. Or, the bypass can deactivate the PBA, so the disk remains unlocked and no pre-boot authentication takes place on subsequent device startups.

  1. Make sure the media (for example, a USB drive) containing the ERI file is inserted in the device.

  2. Start the device so that it boots to the ZENworks PBA login screen.

  3. Click Helpdesk.

  4. Select Load Emergency Recovery File, then click Next.

  5. Use the file browser to locate and select the ERI file.

  6. Choose the action you want performed when the ERI is loaded:

    • Unlock disk temporarily: This bypasses the PBA one time.

    • Deactivate pre-boot authentication: This bypasses the PBA permanently.

  7. Click OK to display the ERI password dialog box.

  8. Provide the ERI password, then click OK.

    Pre-boot authentication is bypassed and the device boots to the Windows operating system. This process can take several minutes.