3.3 Managing PBA User Accounts

You can use the Full Disk Encryption Agent to add or delete user accounts for ZENworks Pre-Boot Authentication (PBA). PBA user accounts you add exist only on the device; they are not added to the Disk Encryption policy. In addition, if the Remove existing users from PBA if not in this list option is enabled in the Disk Encryption policy, the added user is removed after the next login.

You can also use ZENworks Control Center to add PBA users on a device. For information, see Manually Adding Users in the ZENworks Full Disk Encryption PBA Reference.

  1. Make sure you know the FDE Admin password for the policy that is assigned to the device.

    To add or remove a PBA user account, you must know the FDE Admin password for the policy assigned to the device, or you must know the ZENworks Agent override password or key. For more information about passwords, see Section B.0, Administrator Passwords.

  2. Open the Full Disk Encryption agent on the managed device. See Accessing the Full Disk Encryption Agent.

  3. Click the Commands button.

  4. Supply the password, then click OK to display the Commands dialog box.

  5. Click the Add/Delete PBA User button.

  6. Provide the username, password, and domain of the user you want to add or delete.

    If the user is not part of a Windows domain, specify the computer name instead.

  7. (Conditional) If you want to delete the user, select the Check to Delete User box.

  8. Click OK to add or delete the user.

    You can verify the change by viewing the agent status and looking at the PBA User List (see Viewing the Agent Status).