The ZENworks PBA can be enabled to capture the credentials (user ID/password or smart card) of the next user who logs in to the device. This process is referred to as user capturing.
If a Disk Encryption policy has user capturing enabled, the ZENworks PBA captures the credentials of the first user to log in after the policy is applied. You can also enable user capturing after the policy is applied through a ZENworks Control Center Quick Task or through the ZENworks Full Disk Encryption Agent. After user capturing is enabled, the ZENworks PBA captures the credentials of the next user to log in and adds them to any other captured credentials.
The following sections cover both methods of enabling user capturing.
To use a ZENworks Full Disk Encryption Quick Task in ZENworks Control Center, a ZENworks administrator must be assigned the ZENworks Administrator Accounts and Rights Reference.privilege. This privilege is configured through the Quick Tasks rights for administrators and administrator groups. For help configuring Quick Tasks rights, see the
For user capturing to be enabled on a device through a Quick Task, the device must be running and have a network connection to the ZENworks Server. Otherwise, the ZENworks Server cannot deliver the Quick Task to the device.
To enable user capturing on a device:
In ZENworks Control Center, click.
In thepanel, locate the device for which you want to enable user capturing.
Select the check box next to the device, click, click , then click to confirm the task.
In the Quick Task Status dialog box, clickif you want to use the default options.
Configure the options as desired, then click.
For information about the options, click the Help icon in the Quick Task Status dialog box.
As soon as the Quick Task is complete, have the user restart the device.
Until the device restarts and the correct user’s credentials are captured, the device’s security is compromised. Having the user immediately restart the device minimizes this possible security threat.
To use the ZENworks Full Disk Encryption Agent to enable user capturing on a device, you must know the FDE Administrator password for the policy assigned to the device, or you must know the ZENworks Agent override password or key.
On the device, right-click the ZENworks icon in the notification area, and select.
Clickin the ZENworks Agent navigation menu.
In thesection, click to display the About dialog box.
Supply the password to display the Commands dialog box.
You can verify the setting by viewing the agent status (in the About dialog box) and looking at the WINDOWS_CRED_SELFINIT.value. If user capturing is enabled, the value is
Exit the Full Disk Encryption Agent and restart the device.
Until the device restarts and the correct user’s credentials are captured, the device’s security is compromised. Immediately restarting the device minimizes this possible security threat.