Dell Encryption Personal Installation Guide v11.9

Configure Pre-Boot Authentication

1. In the Data Security Console, click the Administrator Settings tile.
2. Ensure that the backup location is accessible from the computer.
   If Backup Location not found displays and the backup location is on a USB drive, either your drive is not connected or is connected to a different slot than the one used during backup. If the message displays, and the backup location is on a network drive, the network drive is inaccessible from the computer. If it is necessary to change the backup location, from the Administrator Settings tab, select Change Backup Location to change the location to the current slot or accessible drive. A few seconds after reassigning the location, the process of enabling encryption can proceed.
3. Click the Encryption tab and then click Encrypt.
4. At the Welcome page, click Next.
5. Select Encrypt all Fixed Self-Encrypting Disks to enable Multi-disk encryption.

   

6. In the Pre-boot Policy page, change or confirm the following values, and click Next.

   Attempts at non-cached user login	Number of times an unknown user can attempt to log in (a user that has not logged in to the computer before [no credentials have been cached]).
   Attempts at cached user login	Number of times can a known user attempt to log in.
   Attempts at answering recovery questions	Number of times the user can attempt to enter the correct answer.
   Enable Crypto Erase Password	Select to enable.
   Enter the Crypto Erase Password	A word or code of up to 100 characters used as a fail-safe security mechanism. Entering this word or code in the user name or password field during Pre-boot authentication initiates a crypto erase, which removes the keys from secure storage. Once this process is invoked, the drive is unrecoverable. Leave this field blank if you do not want a crypto erase password available in case of emergency. Leave this field blank if you do not want to have a crypto erase password available in case of emergency.
   Remember Me	Enables or disables the ability for users to select Remember Me on the PBA login screen.

   

7. In the Pre-boot Customization page, enter customized text to display on the Pre-boot Authentication (PBA) screen, and click Next.

   Pre-boot Title Text	This text displays on the top of the PBA screen. If you leave this field blank, no title will be displayed. The text does not wrap, so entering more than 17 characters may result in the text being cut off.
   Support Information Text	Text to display on the PBA support information screen. Customize the message to include details about how to contact a help desk or security administrator. Not entering text in this field results in no support contact information being available to the user. Text wrapping occurs at the word level, not the character level. If a word is more than approximately 50 characters, it does not wrap and no scroll bar is present, truncating the text.
   Legal Notice Text	This text displays before the user is allowed to log on to the device. For example: "By clicking OK, you agree to abide by the acceptable computer use policy." Not entering text in this field results in no text or OK/Cancel buttons being displayed. Text wrapping occurs at the word level, not the character level. For instance, if you have a single word that is more than approximately 50 characters in length, it does not wrap and no scroll bar is present, therefore the text is truncated.

   

8. At the Summary page, click Apply.
9. When prompted, click Shutdown.

   A full shutdown is required before encryption can begin.

   

10. After shutdown, restart the computer.

    Authentication is now managed by the Encryption Management Agent. Users must log in at the PBA screen with their Windows passwords.