DESlock+ Maintenance Mode
Article ID: KB471

What is Maintenance Mode?

The new Maintenance Mode feature allows a DESlock+ Full Disk Encrypted workstation to restart without requiring the user to authenticate with the DESlock+ pre-boot environment.  This may be used by system administrators who are working remotely and need to restart Windows when no one is physically present to enter credentials at the pre-boot screen.

This feature can be useful when performing software updates or configuration changes that require restarts of Windows to complete.

This feature is optional and disabled by default.  Once the configured period or number of restarts without authentication has been reached, authentication is required once more.

IMPORTANT: While Maintenance Mode is enabled on a workstation, the system will boot with no authentication and thus is not secure from attack.


  • DESlock+ client v4.9.2 or later
  • Workstation is encrypted and using EFI boot mode to start
  • The user account enabling maintenance mode must have Windows system administrator rights
  • The password for the Full Disk Encryption admin user

Setup Guide

Step 1. Configure workstation to allow Maintenance Mode

Enable maintenance mode use on the PC by setting the following registry key:



A sample registry file can be downloaded here:

Simply unzip the file and apply the registry key to enable the maintenance mode functionality.

Step 2. Enabling Maintenance Mode

To put the system in Maintenance Mode, the DESlock+ Command line tool is invoked with the maintenance command switch.  There are options to use a timed expiry, a number of reboots or both types together.  When both types are used, whichever occurs first removes the Maintenance Mode state from the workstation.

When enabling Maintenance Mode, the Full Disk Encryption admin user login password is required.  This can be passed on the command line or, if the value is omitted, the command will prompt the user to enter the password interactively.

Example usage:

Allow workstation to restart 4 times without authentication:

DlpCmd64 maintenance -b:4 -p:Enter Your Password Here

Please note, you must first navigate to the same directory as DlpCmd64.exe before entering the command. This is C:\Program Files\DESlock+\

The command will confirm what has happened when processed successfully:

Allow workstation to restart 4 times without authentication prompting the user to enter the password interactively:

DlpCmd64 maintenance -b:4 -p:

Allow workstation to restart for the next 3 hours without authentication:

DlpCmd64 maintenance -h:3 -p:Enter Your Password Here

Allow workstation to restart without authentication until 8:30PM on March 11 2018 or until 6 reboots, whichever occurs first:

DlpCmd64 maintenance -b:6 -d:3/11/2018 -t:20:30 -p:Enter Your Password Here


For additional help, run DlpCmd64 maintenance with no switches to display the help text.

For 32-bit systems the command is DlpCmd.

Specifying a time longer than 3 days or more than 10 restarts will require that you confirm the choice by pressing Y.  This can be automated by passing the -n switch with the command to skip the warning.

After 3 attempts to enable Maintenance Mode with an incorrect password, a system restart (with authentication used to boot) is required before further attempts can be made.

When calling the command line tool from, for example, a batch file, the exit code for a successful command is 0.

Step 3. Leaving Maintenance Mode

Maintenance mode will be removed and normal startup behaviour will return automatically after the selected number of restarts or time passing.  Alternatively, you can manually remove the maintenance mode state from the system with the -r switch.

Removing maintenance mode from a system does not require a password.

Example usage:

DlpCmd64 maintenance -r 
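
The following PowerShell wrapper is an added example, not part of the original article or of the vendor's tooling. It ties Steps 2 and 3 together using only the switches shown above: it always sets both a restart limit and a time limit, lets the tool prompt for the password, checks the exit code, and provides the removal call for when the work is finished. The script name, its parameters and the 24-hour ceiling are assumptions of this example; it also assumes an elevated interactive console and that Step 1 has already been applied.

```powershell
# Added example, not vendor code. Hypothetical script name: Set-MaintenanceMode.ps1
[CmdletBinding()]
param(
    [Parameter(Mandatory)][ValidateSet('Enable', 'Remove')][string]$Action,
    [ValidateRange(1, 10)][int]$Reboots = 2,  # above 10 the tool asks for Y confirmation
    [ValidateRange(1, 24)][int]$Hours = 3     # 24 h ceiling is this script's own policy
)

# The account enabling Maintenance Mode needs Windows administrator rights.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated prompt.'
}

$toolDir = 'C:\Program Files\DESlock+'   # install directory given in the article
$toolName = if ([Environment]::Is64BitOperatingSystem) { 'DlpCmd64.exe' } else { 'DlpCmd.exe' }
$tool = Join-Path $toolDir $toolName
if (-not (Test-Path -LiteralPath $tool)) { throw "Command line tool not found: $tool" }

Push-Location -LiteralPath $toolDir      # the article says to run from this directory
try {
    if ($Action -eq 'Enable') {
        # Set both limits; whichever is reached first ends Maintenance Mode.
        # '-p:' with no value makes the tool prompt for the FDE admin password,
        # so the password is not placed on the command line, where
        # process-creation auditing could record it.
        & $tool maintenance "-b:$Reboots" "-h:$Hours" '-p:'
    }
    else {
        # Removal needs no password; run it as soon as the last restart is done.
        & $tool maintenance -r
    }
    $code = $LASTEXITCODE
}
finally {
    Pop-Location
}

if ($code -ne 0) {
    Write-Error "DlpCmd maintenance ($Action) failed with exit code $code."
    exit $code
}
Write-Output "Maintenance Mode action '$Action' completed (exit code 0)."
```

Run it with -Action Enable before the first restart and with -Action Remove once the work is finished, so the workstation does not stay bootable without authentication for the rest of the configured window.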

Related Articles

KB186 - Using the DESlock+ Command Line Tool


Keywords : windows update IPMI
