DESlock+ Support DESlock+ Support
Knowledgebase: DESlock+
How to start a system that is Full Disk Encrypted
Article ID: KB470 email a link to this article

When the system boots you will be presented with a menu that contains some options as shown below.  To start the machine and boot into Windows, press the enter key with the 1. Start System item selected.  You will be prompted for your username and password.  Once these are entered correctly the system will continue to load Windows.

The images below show what is displayed at the FDE login screen for both UEFI and Legacy workstations:

KB464 - Why do I not see the new graphical FDE login screen?

 

  

 

When attempting to boot the machine you may receive an error message if the login is unsuccessful, the possible error messages are detailed below:

 

User not found

Indicates the username being entered is incorrect.  This can also be displayed if the machine has been disabled on purpose from the Enterprise Server.  In most cases the username being entered will be incorrect.

   

If you have sent a remote disable command as described in the article below, you may also receive a 'User not found' message:

KB257 - How to remotely disable a workstation

 

ACCESS DENIED - PRESS ANY KEY/ The Password is incorrect. Try again.

Indicates the username was recognised but the password is incorrect.

  

If you are being returned the ACCESS DENIED message you should check the following:

  • Ensure that the password you are entering is correct.  Passwords are case sensitive
  • Pressing the F5 key while entering your password will allow the characters to be displayed on screen in order to verify what you are typing is being received by the system as you expect.  You should only do this while no one is observing your entry.

 

User is disabled

Indicates that the correct username was entered but previously too many incorrect passwords have been used and the account is now disabled.  Even if the correct credentials for that user are now supplied the system will not boot.  You will need to start the system using a different user account or if it is managed by an Enterprise Server a recovery password as detailed below.

  

Recovery Method from Access Denied or User is Disabled

If the system is managed by an Enterprise Server then it is possible to boot the machine using a recovery password and set a new password for the user.  Recovery passwords are obtained from your Enterprise Server help desk.  Please see this article for details of the recovery process: How do I reset a managed user's Full Disk Encryption password?

 

 

  • No recovery information - This indicates that you have attempted to use option 2. Lost details for a user that exists on the system but does not have recovery information.  The Lost Details menu is used for clients managed by an Enterprise Server only as detailed in the Recovery Logins section below.  Attempting to use this menu with a standalone client will result in this warning.

 

 

On a standalone system the Lost Details menu item does not perform any action.

Administrator logins

When starting Full Disk Encryption there are two login accounts created as part of the start process.  These will be an admin login and a user login.  Further user logins can be added once encryption has started.

The admin login can be used in the circumstance that the user logins are not functioning.  Depending if the system is managed by an Enterprise Server or standalone the procedure to find the admin password that was used is different as detailed below.

Enterprise Server Managed

Normally the recovery logins would be used in a managed environment.  However if for some reason that is not possible the admin account will allow the system to boot.  Your admin should know the details of this login and be able to use them to boot the system.  If they are unable to remember the admin password that was specified, it can be viewed from the Enterprise Server by following the steps below:

  • Login to your Enterprise Server.
  • Select the Workstations branch of the left hand tree view.
  • Select the workstation in the list.
  • Click the Details button.
  • Select the FDE Logins tab.
  • Select the admin user in the FDE Logins list (they will have a red user icon and type of Admin).
  • Click the Change button.
  • Click the Set Password tickbox.
  • Click the Show button.
  • The admin password that was set when you sent the encryption command will be displayed.
  • Click Cancel.

 

 

Standalone

The standalone client forces the admin password to be saved when Full Disk Encryption is started.  This account is linked to the username 'admin'.  There are more details of this login here: Why do I need an admin password?

 

Keywords: forgotten locked keyboard wireless bluetooth start fde full disk encrypted pre boot login access denied user is disabled not found


We use cookies on our website to enhance your browsing experience. Read more