This article details the usage and implementation of the Symantec Endpoint Encryption Autologon Utility for version 11.x and above. The Autologon Utility allows a system to restart one or more times without requiring a user to authenticate at the Symantec Endpoint Encryption preboot authentication screen. This is useful when a reboot is required and no user is physically present at the machine, for example during software deployment or patch management. The utility may also be used to permanently disable the preboot authentication screen for situations that require it.
Note: Because it removes the need to authenticate at the preboot authentication screen, using the Autologon utility weakens the protection that Drive Encryption provides. Pay extra attention to the physical security of the machine while the Autologon utility is enabled.
The Autologon utility is deployed to clients as an MSI. Once the Autologon utility is installed on a client, its settings can be controlled via policy (GPO or SEE Native Policies) or by using the Drive Encryption Administrator Command Line utility on the client machine.
Process Overview:
After the client MSI has been installed, the settings can be managed in one of the following ways:
Active Directory Group Policy
Inside Group Policy Editor:
Note: For more information on managing Active Directory Group Policy settings for Symantec Endpoint Encryption, please see the Symantec Endpoint Encryption Policy Administrator Guide for the version you are using.
Symantec Endpoint Encryption Native Policy
Inside the Symantec Endpoint Encryption Management Console:
Note: For more information on managing Symantec Endpoint Encryption Native Policy settings, please see the Symantec Endpoint Encryption Policy Administrator Guide for the version you are using.
Drive Encryption Administrator Command Line Interface
Sample Commands:
To be run from the C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption directory inside Command Prompt.
In the examples below, replace <Client Admin Username>, <Client Admin Password>, and <Number of bypasses> with the appropriate values.
Check Status of Autologon:
eedadmincli --check-autologon --au <Client Admin Username> --ap <Client Admin Password>
Enable Autologon (The count option is optional with a default of 1 if not specified):
eedadmincli --enable-autologon --count <Number of bypasses> --au <Client Admin Username> --ap <Client Admin Password>
Disable Autologon:
eedadmincli --disable-autologon --au <Client Admin Username> --ap <Client Admin Password>
Note: For more information on the Administrator Command Line Interface, please see the Symantec Endpoint Encryption Drive Encryption Administrator Command Line Guide for the version you are using.
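The following PowerShell wrapper is an added example, not part of the original article or of Symantec's tooling. It runs the three commands above for a single patch window, caps the bypass count, and always ends with a status check. Assumptions: the script name, its parameters, the $MaxBypasses limit, and the expectation that eedadmincli returns a non-zero exit code on failure.

```powershell
# Added example: bounded Autologon control around a patch window.
# Uses only the eedadmincli options shown in this article.
# Assumptions (not from the article): parameter names, the $MaxBypasses limit,
# and that eedadmincli exits non-zero when a command fails.
param(
    [Parameter(Mandatory)][ValidateSet('Enable', 'Disable', 'Check')][string]$Action,
    [int]$Count = 1,        # matches the documented default of 1 bypass
    [int]$MaxBypasses = 3   # hypothetical local limit on unattended reboots
)

$dir = 'C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption'
if (-not (Test-Path -LiteralPath $dir)) { throw "Drive Encryption directory not found: $dir" }

# Refuse open-ended counts so preboot authentication comes back on its own.
if ($Action -eq 'Enable' -and ($Count -lt 1 -or $Count -gt $MaxBypasses)) {
    throw "Count must be between 1 and $MaxBypasses"
}

# Prompt for the client administrator instead of storing the password in a file.
# --ap still passes it as a process argument, so run this in an admin-only session.
$cred = Get-Credential -Message 'SEE client administrator'
$auth = @('--au', $cred.UserName, '--ap', $cred.GetNetworkCredential().Password)

function Invoke-Eed([string[]]$CliArgs) {
    # Capture output and stop on failure so a failed enable/disable is not missed.
    $out = & .\eedadmincli @CliArgs @auth 2>&1
    if ($LASTEXITCODE -ne 0) { throw "eedadmincli $($CliArgs[0]) failed: $out" }
    $out
}

Push-Location -LiteralPath $dir
try {
    switch ($Action) {
        'Enable'  { Invoke-Eed @('--enable-autologon', '--count', "$Count") | Out-Null }
        'Disable' { Invoke-Eed @('--disable-autologon') | Out-Null }
    }
    # Finish with a status check so the run log records the resulting state.
    Invoke-Eed @('--check-autologon')
}
finally {
    Pop-Location
}
```

Run it with -Action Enable before the maintenance reboot and with -Action Disable once patching is complete, so the machine does not stay in a bypass state longer than the window requires.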