General

In the Pre-boot authentication settings, you can activate pre-boot authentication for DriveLock agents that are protected with Disk Protection.

On the General tab, select the Enable pre-boot authentication option.

To access a system protected by Disk Protection, authentication is required at both the pre-boot authentication level and the Windows access level. In single sign-on mode, an end user only needs to log in once for both levels (pre-boot and Windows). That's why the option Enable single sign-on for Windows is set by default.

A combination of local users, domain users (with password) and domain users (with token) is available to the user for pre-boot and Windows authentication. Here, too, the top two options are set by default.

  • Local user access: This default method allows local Windows users to authenticate to the system using their local Windows user name, password, and local system name.

  • Domain user access (with password): This method allows Windows domain users to authenticate to the system using their Windows domain username, password, and domain name.

  • Domain user access (with token): This method allows Windows domain users to authenticate themselves with a smartcard / token and PIN.

  • Enable logon using "password token": This method allows pre-boot authentication for a password token user. If you select this option, you also have to select at least one Windows authentication method.

    Make sure there is a valid token for both PBA and Windows logon (unlock) before configuring Disk Protection for token access only.

  • Count failed logins globally for all users: This option is set by default and causes failed attempts to be counted regardless of which user was specified.

    After a certain number of failed logins, a user can be locked out for a certain amount of time to protect the system from a brute force attack using automated login scripts. Change the default values according to your corporate security policies.

  • If you use certificates for authentication, you can also configure how many days before a certificate expires DriveLock Disk Protection notifies the user of the upcoming expiration.

Once a policy with this setting takes effect on the DriveLock Agent, the PBA is enabled there and the end user is presented with a corresponding dialog.