A.4 Pre-Boot Authentication Reboot Control

This page lets you determine when the device is rebooted after initialization of the ZENworks PBA; the first pre-boot authentication does not occur until the device reboots. It also lets you specify the number of times a user can enter the incorrect PBA login information before being locked out.

A.4.1 Reboot Options

Both the ZENworks PBA and the Full Disk Encryption Agent’s encryption drivers are initialized the first time the device reboots after the Disk Encryption policy is applied. However, the ZENworks PBA requires an additional reboot to facilitate user capturing (if enabled) or authentication of a predefined user. In addition, encryption of the target volumes does not begin until this reboot occurs.

The following options let you specify how you want this second reboot to occur:

  • Reboot Behavior: Select one of the following:

    • Force device to reboot immediately: Reboots the device immediately after the PBA is initialized.

    • Do not reboot device: Does not force a reboot after the PBA is initialized. The user must initiate a reboot before user capturing or predefined user authentication can occur.

    • Force device to reboot within XX minutes: Reboots the device within the specified number of minutes after the PBA initializes. The default delay is 5 minutes.

  • Display predefined message to user before rebooting: If you selected the Do not reboot device option or the Force device to reboot within XX minutes option, you can display a message to the user. The Force device to reboot immediately option does not support a message.

    Select this option to display the following message:

    ZFDE Policy Enforcement

    Your ZENworks Administrator has assigned a Disk Encryption policy to your computer. To enforce the policy, your computer must be rebooted.

  • Override predefined message with custom message: This option is available only after you select the Display predefined message to user before rebooting option. It lets you override the predefined message with your own custom message. Select the option, then specify a title for the message window and the text to include in the message body.

A.4.2 Lockout Settings

The Lockout settings apply to the ZENworks PBA login.

  • Enable lockout for failed logins: Select this option to enable the PBA to lock out users based on failed login attempts, then configure the following settings:

    • Maximum Number of Failed Logins: Specify the maximum number of failed logins to allow before the lockout is enforced (the default is 10).

    • Failed Logins after which Login is Delayed: Specify the number of failed logins to allow before delaying subsequent logins. The delay between login attempts is 2 minutes. Make sure to specify a number that is less than the one entered in the Maximum Number of Failed Logins field.

  • PBA Keyboard Layout: Select the keyboard layout used for authentication.