Configure temporary POA deactivation for Wake on LAN

If you use role-based administration:

You must have the Policy setting - full disk encryption right to edit a full disk encryption policy.
You cannot edit a policy if it is applied outside your active sub-estate.
In the full disk encryption policy, the Enable Power-on Authentication field must be selected.

For more information, see About roles and sub-estates.

By default, computers who use a full disk encryption policy are protected by Power-on Authentication. You can temporarily deactivate the Power-on Authentication for Wake on LAN, for example to facilitate patch management. Wake on LAN is activated by running the scheduling script SGMCMDIntn.exe on the endpoint computer.

Note: Deactivating the POA - even for a limited number of boot processes - reduces the level of security of your system.

Check which full disk encryption policy is used by the group or groups of computers you want to configure.
See Check which policies a group uses.
In the Policies pane, double-click Full disk encryption. Then double-click the policy you want to change.
The Full Disk Encryption dialog box is displayed.
Under Power-on Authentication (POA), make sure that the Enable Power-on Authentication field is selected.
Select Temporary deactivation (for Wake on LAN) and click the Configure button.
The Configure Temporary Deactivation dialog box is displayed.
In the Start and End fields, specify the start and end time for the Wake on LAN process.
Select Allow Windows logon during this time to permit Windows logon during Wake on LAN, for example for software updates.
In the Auto logon limit field, specify how often the computer is restarted without authentication through the Power-on Authentication during Wake on LAN.

Note: We recommend that you allow three more restarts than necessary in case of any problems.
Click OK.