Starting Full Disk Encryption using the ESET Endpoint Encryption Server (managed)
If you are using ESET Endpoint Encryption (EEE) in a managed environment using an EEE Server, and your Users are licenced with an EEE Pro licence, then you can send a Full Disk Encryption command to their Workstations.
To issue a Full Disk Encryption (FDE) command to a Workstation, you will need to select the User associated with the Workstation and double click on the user to open a new window called the User Card.
Clicking on the Workstation tab, you will see all of the Workstations which the User is associated with. You will also be able to see the FDE status of the workstation under the FDE status column.
Highlight the Workstation you wish to send an FDE command to and then click the Full Disk Encryption button.
This will start the FDE wizard as seen below. If you do not wish to see the initial FDE wizard window in future, then put a tick in the box next to Don't show this page again and click the Next button.
You will now be shown the Compatibility Checks stage of the FDE wizard. This stage will inform you if there are any incompatibilities on the Workstation to which you are about to send the command.
Providing there are no compatibility issues raised, you will be able to choose the security mode.
This article shows the process without using the TPM hardware, to follow the TPM security method please follow this article: KB442 - Starting Full Disk Encryption using a TPM (Trusted Platform Module)
If you are unsure about the different security methods, please read this article: KB430 - Trusted Platform Module (TPM) Support
In the next stage of the FDE wizard, you will be able to set the FDE login credentials (username and password) for the User. If you would like EEE to synchronize the FDE password with the User's Windows password, then you may wish to use Single Sign-On (SSO) instead. For more information about SSO, please read this article: KB187 - What is Single Sign-On (SSO)
Once you have set the FDE details for the User, click Next.
If this is the first FDE command that you are sending from the EEE Server, then you will be prompted to set the FDE Admin username and password. The FDE admin username and password is sticky, meaning it will be remembered for each subsequent FDE command you send to other Workstations. When setting your FDE Admin username and password, it is not advisable for it to be the same as the EEE Server Admin username and password, as doing so would compromise the security if someone were to discover what the credentials are. Click Next to continue.
The next stage of the FDE wizard will give you the option of either encrypting the whole disk or encrypting specific partition(s) of the disk. The screenshot below depicts that the whole disk will be encrypted. Once you have specified what will be encrypted, click the Next button.
Finally, you are asked what start modes the encryption will use.
It is always recommended that you select Safe Start.
For more information about Safe Start please click here - KB177 - What is Full Disk Encryption Safe Start?.
Click the Start button to send the FDE command to the target Workstation. This will be apparent by the workstation icon being orange and also under the FDE status the status will be set as Start FDE Pending.
For the FDE command to be processed by the workstation, you can either:
1. Wait for the background check period to elapse (by default this is every 60 minutes)
2. Manually synchronize the client as shown by this article: KB195 - How do I manually synchronise the ESET Endpoint Encryption Client and Server?
Once the FDE command has been processed, the client machine will either restart the system to perform Safe Start or start the FDE process immediately, depending on the start mode selected above.
Keywords: Full Disk Encryption start initiate hard drive whole