If you use role-based administration:
- You must have the Policy
setting - full disk encryption right to edit a full disk
- You cannot edit a policy if it is
applied outside your active sub-estate.
- In the full disk encryption policy, the Enable Power-on
Authentication field must be selected.
For more information, see About roles and sub-estates.
By default, computers who use a full disk encryption policy are protected by
Power-on Authentication. You can temporarily deactivate the Power-on Authentication for
Wake on LAN, for example to facilitate patch management. Wake on LAN is activated by
running the scheduling script SGMCMDIntn.exe on the endpoint computer.
the POA - even for a limited number of boot processes - reduces the level of
security of your system.