Authenticating at preboot to access your encrypted computer
Startup screen
Once you are registered as a
Drive Encryption
user and restart your encrypted computer, you see the startup screen if your administrator has configured it to precede the preboot authentication screen. To proceed to the preboot authentication screen, press Enter.Preboot authentication screen
Drive Encryption
needs credentials before it lets you access your protected hard drive. To access your encrypted data in your computer, you must authenticate using your registered credentials at the preboot authentication screen. This process is called preboot authentication. Preboot authentication screen shortcut keys:
- Press the TAB key to navigate through the preboot authentication screen.
- Press F3 to hide or show the password characters.
- Press F2 to select a keyboard layout. Press F8 to toggle between the current and the previously selected keyboard layouts.On touchscreen devices, the virtual keyboard that you can activate at the preboot authentication screen supports only the English US keyboard layout.
- Press F1 to display the help screen.
Audio beeps for preboot authentication
- Press F12 to enable audio beeps during preboot authentication only for the current session.
- The client administrator can enable audio cues using the following command:--set-soundFor more information, see the.Symantec Endpoint EncryptionDrive EncryptionAdministrator Command Line Guide
Supported languages for the preboot authentication screen
The preboot authentication screen supports the following languages: English, French, German, Japanese, and Spanish. By default, the preboot authentication screen is displayed in the language that your administrator configures.
Japanese is not a supported language for the preboot authentication screen on UEFI-based systems.
Unsupported characters for the preboot authentication screen
Preboot authentication does not support certain ALT characters such as ALT+155. These are the special characters that appear when you press the ALT key with your number pad. To avoid preboot authentication issues, do not use ALT characters in your user name or password.
The preboot authentication screen is not displayed if your administrator has enabled the
Autologon
feature on your encrypted computer. Preboot authentication process
When you enter valid authentication credentials at preboot,
Drive Encryption
provides access to your encrypted computer. You use one of the following authentication processes, per your policy.If your administrator has enabled single sign-on with restart or shut down; you are automatically logged on to Windows after you authenticate with Windows credentials at preboot. For single sign-on with hibernation, your administrator has to enable an additional Management Agent advanced setting along with single sign-on enabled so that when you resume after hibernation, you are automatically logged on to Windows after you authenticate with Windows credentials at preboot. However, if your administrator did not enable single sign-on, you authenticate twice; first at preboot, and then at the Windows logon screen. You may use a Windows password or a token for authentication.
If your administrator has enabled double authentication, you authenticate at preboot using your Windows user name and
Drive Encryption
password. This authentication gives you access to the Windows logon screen, where you authenticate again using your Windows credentials.For enhanced security, your client administrator can create a
Drive Encryption
user name and password for you. The client administrator can also preregister the Drive Encryption
user name and password to an encrypted computer. Then, provide the credentials to you to access the encrypted computer. Later, when you turn on the encrypted computer, you use Drive Encryption
user name and password and authenticate at preboot. Then, log on to Windows using your Windows credentials. For example, if you need to share an encrypted computer with another Windows user, your client administrator may create a shared Drive Encryption
user name and password. Then, provide the Drive Encryption
user name and password to you and other Windows users to access the shared computer.For ease of use, your administrator may enable simple authentication. At preboot, you log in using only the password that you specified when you registered.
In summary, the types of authentication credentials and process you may use to authenticate are:
- Authenticating at preboot using a token or a smart card
- Authenticating at preboot using your Windows credentials
- Authenticating at preboot using your Windows user name and yourDrive Encryptionpassword
- Authenticating at preboot using aDrive Encryptionuser name and password
- Authenticating at preboot using only your password
If you enter invalid authentication credentials at preboot,
Drive Encryption
displays an error message. Try entering valid authentication credentials again. Ensure that you have entered a valid user name, password, and domain name, if required. By default, asterisks appear for each character that you type in the
Password
box. Alternatively, your cursor randomly steps through the spaces. If you want to change your preboot data entry behavior, contact your client administrator. The administrator can use the Administrator Command Line
to change the behavior.The user name and the domain name appear automatically in the preboot authentication screen each time your restart your computer if your administrator has configured this behavior on your computer.