Emergency logon

Use these settings to specify which logon methods are available in case a user is no longer able to log on to the DriveLock PBA (for example because the password is missing).

We recommend using the default settings.

• Allow emergency logon with user name: This default option lets users log on in an emergency by entering their name. This affects Windows domains or local Windows user password accounts added to the PBA user database. It permits a one-time pre-boot access to the system.

  Note that a user must have successfully logged in to pre-boot authentication at least once before this feature is available to that user. Users who have never logged in before, must use the Allow emergency logon without user name procedure.

• Single Sign-on after emergency logon allows users to log on to Windows and work with it if they forget their password - even if an administrator has not yet reset the password.

• Emergency logon without user name allows a one-time pre-boot access to the system for all users who have never been logged into the system before. Single sign-on (SSO) is not possible in this case.

• Please note that if you enable the Allow emergency logon for token users option, the corresponding settings for logon with tokens must also be specified on the tabs Logon methods (for BitLocker Management) or General (for Disk Protection).

  Enabling this option allows smartcard / token users, who have misplaced their token or forgotten their PIN, to use the emergency logon procedure for token users. This procedure allows a one-time pre-boot access to the system without using a token.