Configure logon

If you use role-based administration:

For more information, see About roles and sub-estates.

By default, computers that use a full disk encryption policy are protected by Power-on Authentication.

To configure how users log on at the Power-on Authentication on their computers:
  1. Check which full disk encryption policy is used by the group or groups of computers you want to configure.
  2. In the Policies pane, double-click Full disk encryption. Then double-click the policy you want to change.
    The Full Disk Encryption dialog box is displayed.
  3. Go to Power-on Authentication (POA).
  4. Make sure that Enable Power-on Authentication is selected.
    In addition, you can specify Windows accounts that can log on to endpoint computers for post-installation tasks without activating the Power-on Authentication:
    1. Click the Exceptions button next to the Enable Power-on Authentication field.
      The Exceptions dialog box is displayed.
    2. Click Add, enter the User name and the Computer or Domain Name of the relevant Windows account(s) and click OK.
      Note: In the fields User name and Computer or Domain Name you can use wildcards as the first or last character. In the User name field, the ? character is not allowed. In the Computer or Domain Name field, the characters / \ [ ] : ; | = , + ? < > " are not allowed.
  5. Select Fingerprint, to enable users to log on with Lenovo Fingerprint Reader.
  6. To specify a user who can log on to the endpoint computer for administrative tasks when the Power-on Authentication is already active, select POA user and click the Configure button.
    1. In the Configure POA User dialog box, enter a logon name of your choice for the POA user in the User name field. You can freely define the logon name, with the following exceptions:
      Note: In the User name field, the characters / \ [ ] : ; | = , + ? < > " * are not allowed.
      Note: When setting up and entering logon names for POA users in Japanese, you have to use Romaji (Roman) characters to successfully log on at the POA.
    2. Click the Set button next to the Password field.
      The POA User Password dialog box is displayed.
    3. Enter and confirm a password for the POA user account and click OK.
      Note: When setting up and entering passwords for POA users in Japanese, you have to use Romaji (Roman) characters to successfully log on at the POA.
    4. In the Configure POA User dialog box, click OK.
  7. To configure the temporary deactivation of the Power-on Authentication for Wake on LAN, select Temporary deactivation (for Wake on LAN).
  8. In the Full Disk Encryption dialog box, click OK.
Note: If you clear Enable Power-on Authentication, you are prompted to confirm if you want to disable Power-on Authentication or not. For security reasons, we strongly recommend that you click No to keep Power-on Authentication enabled. Deactivating Power-on Authentication reduces system security to Windows logon security and increases the risk of unauthorized access to encrypted data.