10.3 Self-Encrypting Hard Disk

The following process occurs after a Disk Encryption policy is assigned to a device with self-encrypting hard disks:

  1. The next time the ZENworks Adaptive Agent refreshes, it receives the Disk Encryption policy.

  2. The ZENworks Full Disk Encryption Agent applies the policy to the device.

  3. ZENworks creates a 128 MB MBR shadow and copies the ZENworks PBA Linux kernel to it.

  4. ZENworks initiates a forced shutdown of the device after the time period specified by the PBA "Force device to reboot within xx minutes" setting in the policy. If another setting (either "Force device to reboot immediately" or "Do not reboot device") is configured as the PBA reboot option, the setting is ignored and the forced shutdown occurs after 5 minutes.

    This is a hard shutdown, not a reboot. The user must power on the device after the shutdown.

  5. At startup, the user receives a ZENworks Full Disk Encryption informational prompt and then the Windows login is displayed.

    During this initialization process, User Capturing and Single Sign-On are enabled regardless of the policy settings. After this one-time initialization process, the PBA enforces the User Capturing and Single Sign-On settings configured in the policy.

  6. When the user logs in to Windows (either with userID/password or smartcard), the ZENworks PBA captures the credentials.

    On subsequent reboots, the user is presented with the ZENworks PBA login and can provide the captured credentials or any credentials predefined in the policy’s PBA User list or Certificates list.