How to start a system that is Full Disk Encrypted
When the system boots you will be presented with a menu that contains some options as shown below. To start the machine and boot into Windows, press the enter key with the 1. Start System item selected. You will be prompted for your username and password. Once these are entered correctly the system will continue to load Windows.
The images below show what is displayed at the FDE login screen for both UEFI and Legacy workstations:
When attempting to boot the machine you may receive an error message if the login is unsuccessful, the possible error messages are detailed below:
User not found
Indicates the username being entered is incorrect. This can also be displayed if the machine has been disabled on purpose from the Enterprise Server. In most cases the username being entered will be incorrect.
If you have sent a remote disable command as described in the article below, you may also receive a 'User not found' message:
ACCESS DENIED - PRESS ANY KEY/ The Password is incorrect. Try again.
Indicates the username was recognised but the password is incorrect.
If you are being returned the ACCESS DENIED message you should check the following:
User is disabled
Indicates that the correct username was entered but previously too many incorrect passwords have been used and the account is now disabled. Even if the correct credentials for that user are now supplied the system will not boot. You will need to start the system using a different user account or if it is managed by an Enterprise Server a recovery password as detailed below.
Recovery Method from Access Denied or User is Disabled
If the system is managed by an Enterprise Server then it is possible to boot the machine using a recovery password and set a new password for the user. Recovery passwords are obtained from your Enterprise Server help desk. Please see this article for details of the recovery process: How do I reset a managed user's Full Disk Encryption password?
On a standalone system the Lost Details menu item does not perform any action.
When starting Full Disk Encryption there are two login accounts created as part of the start process. These will be an admin login and a user login. Further user logins can be added once encryption has started.
The admin login can be used in the circumstance that the user logins are not functioning. Depending if the system is managed by an Enterprise Server or standalone the procedure to find the admin password that was used is different as detailed below.
Enterprise Server Managed
Normally the recovery logins would be used in a managed environment. However if for some reason that is not possible the admin account will allow the system to boot. Your admin should know the details of this login and be able to use them to boot the system. If they are unable to remember the admin password that was specified, it can be viewed from the Enterprise Server by following the steps below:
The standalone client forces the admin password to be saved when Full Disk Encryption is started. This account is linked to the username 'admin'. There are more details of this login here: Why do I need an admin password?
Keywords: forgotten locked keyboard wireless bluetooth start fde full disk encrypted pre boot login access denied user is disabled not found