If you use role-based administration:
- You must have the Policy
setting - full disk encryption right to edit a full disk
- You cannot edit a policy if it is
applied outside your active sub-estate.
For more information, see About roles and sub-estates.
By default, computers that use a full disk encryption policy are protected by
To configure how users log on at the Power-on
Authentication on their computers:
Check which full disk encryption policy is used by the group or groups of
computers you want to configure.
In the Policies pane, double-click Full disk
encryption. Then double-click the policy you want to
The Full Disk Encryption dialog box is
Go to Power-on Authentication (POA).
Make sure that Enable Power-on Authentication is
In addition, you can specify Windows accounts that can log on to endpoint
computers for post-installation tasks without activating the Power-on
Click the Exceptions button next to the
Enable Power-on Authentication field.
The Exceptions dialog box is
Click Add, enter the User
name and the Computer or Domain
Name of the relevant Windows account(s) and click
Note: In the fields User name and
Computer or Domain Name you can use
wildcards as the first or last character. In the User
name field, the ? character is not allowed. In the
Computer or Domain Name field, the
characters / \ [ ] : ; | = , + ? < > " are not allowed.
Select Fingerprint, to enable users to log on with
Lenovo Fingerprint Reader.
To specify a user who can log on to the endpoint computer for administrative
tasks when the Power-on Authentication is already active, select POA
user and click the Configure
In the Configure POA User dialog box, enter a
logon name of your choice for the POA user in the User
name field. You can freely define the logon name, with
the following exceptions:
Note: In the User name field, the characters / \
[ ] : ; | = , + ? < > " * are not allowed.
Note: When setting up and entering logon names for POA users in
Japanese, you have to use Romaji (Roman) characters to successfully
log on at the POA.
Click the Set button next to the
The POA User Password dialog box is
Enter and confirm a password for the POA user account and click
Note: When setting up and entering passwords for POA users in Japanese,
you have to use Romaji (Roman) characters to successfully log on at
In the Configure POA User dialog box, click
To configure the temporary deactivation of the Power-on Authentication for Wake
on LAN, select Temporary deactivation (for Wake on
In the Full Disk Encryption dialog box, click
Note: If you clear Enable Power-on Authentication, you are
prompted to confirm if you want to disable Power-on Authentication or not. For
security reasons, we strongly recommend that you click No to
keep Power-on Authentication enabled. Deactivating Power-on Authentication reduces
system security to Windows logon security and increases the risk of unauthorized
access to encrypted data.