10.2 Standard Hard Disk with Pre-Boot Authentication

The following process occurs after a Disk Encryption policy (encryption and pre-boot authentication) is assigned to a device with standard hard disks:

  1. The next time the ZENworks Adaptive Agent refreshes it receives the Disk Encryption policy.

  2. The ZENworks Full Disk Encryption Agent applies the policy to the device.

  3. The device reboots according to the disk encryption reboot setting in the policy. During the reboot, the following occurs:

    • A CheckDisk occurs if the Run Windows check disk with repair option is enabled in the policy. On Windows XP, the operation is performed if needed even if the option is not enabled in the policy.

    • A 100 MB ZENworks partition is created. This partition is used for storage of encryption files, the Emergency Recovery Information (ERI) file, and the ZENworks PBA Linux kernel.

    • The Disk Encryption drivers and the ZENworks PBA are initialized.

    • The user is prompted to log in to Windows.

  4. After successful Windows login, the device reboots according to the PBA reboot setting for the policy. During the reboot, the following occurs:

    • If user capturing is enabled, the user receives an informational prompt and then the Windows login is displayed. When the user logs in (either with userID/password or smartcard), the ZENworks PBA captures the credentials. On subsequent reboots, the user is presented with the ZENworks PBA login and must provide the captured credentials.

    • If user capturing is not enabled, the user is prompted to enter credentials at the PBA login screen. The user must enter valid credentials for a PBA user or smartcard defined in the policy. If single-sign on is not enabled, the Windows login is then displayed and the user must enter valid Windows credentials to log in.

  5. After successful login, the target disk volumes, as specified in the policy, are encrypted.

    Depending on the number of volumes and amount of data to be encrypted, this can take some time. If the device is rebooted during the encryption process, the process restarts where it left off prior to the reboot.

    You can view the ZENworks Full Disk Encryption About Box to monitor the encryption process: