About user registration basics for administrators

A registered user is one who is registered with
Symantec Endpoint Encryption
Drive Encryption
. Once user registration happens.
Drive Encryption
notifies the server of a user account registration and
Drive Encryption
recognizes that user as a
Drive Encryption
registered user. This registration process ensures that the registered user's credentials are recognized at the preboot authentication screen, which appears whenever that user restart the computer. Only a registered user of
Drive Encryption
can access an encrypted disk. You can configure user registration to happen with or without a user's intervention in one of the following ways:
  • The policy administrator configures
    Drive Encryption
    to register a user account to an encrypted disk without user intervention. The user registration happens automatically when the user logs on to a computer that has
    Drive Encryption
    installed. Registration is silent and saves your time by automatically registering the user's Windows credentials when the user logs on using a valid authentication method.
  • The client administrator registers a user account to an encrypted disk without user intervention.
  • The policy administrator configures a user account and allows a user to self-register manually to an encrypted disk when required.
At least one user must register with
Symantec Endpoint Encryption
on each Windows client computer. When at least one user is registered on a client computer, all users are required to provide preboot authentication credentials to gain access to Windows. When a client computer connects to the
Symantec Endpoint Encryption Management Server
after the first user registers, the
One-Time Password
feature's authentication mode changes from Offline to Online.
If you enable the
Autologon
feature on a client computer permanently, preboot authentication is disabled permanently. However, the
Drive Encryption
client continues to register new users' Windows credentials automatically.
Symantec Endpoint Encryption
supports both password and smart card authentication for registered users. You can use the
Management Console
to configure whether only one or both authentication methods are enabled. Users of both authentication methods must log off from Windows and log on again with the second authentication method to ensure that it is registered.
When a new user is registered, they are prompted to set their
Drive Encryption Self-Recovery
security questions, if any, and enter their answers. You can configure the number of questions that users define and that you predefine, or select a mix of user-defined and predefined questions.