How to correctly authenticate at the BootGuard screen (Windows XP/Windows Vista/Windows 7/Mac/Windows 8 UEFI)

book

Article ID: 181597

calendar_today

Updated On:

Products

Drive Encryption

Issue/Introduction

 

Resolution

How to correctly authenticate at the simple PGP BootGuard screen (Windows XP/Windows Vista/Windows 7)

 

1. Single Sign-On (SSO) Users: SSO users simply enter their Windows password and are automatically logged in to Windows. There is no need to select a domain name at the PGP BootGuard and a domain name does not need to be configured in the policy on the Symantec Encryption Management Server.

 

2. Regular passphrase users: All passphrase users need to enter their passphrase and Windows will load.  When Windows is loaded, users must enter their Windows password.

 

3. Token users: Token users will have to enter the PIN of their eToken and press CTRL + ALT at the PGP BootGuard screen. When Windows is loaded, the user will have to log in to Windows using their password.

Note: It is possible to be an eToken user, log into the PGP BootGuard and then also be automatically logged in to Windows.  However, this is only supported if Certificate Enrollment is used. For more information about the Certificate Enrollment please refer to the following KB article. http://www.symantec.com/docs/TECH173970

 

 4. Administrators: If an Administrator passphrase was preconfigured in the policy, the Administrators can also log in at the PGP BootGuard screen seen below.  When Windows is loaded, the Administrator will have to log in to Windows using his password.

 

How to correctly authenticate at the detailed PGP BootGuard screen (Windows XP/Windows Vista/Windows 7)

 

1. SSO users: SSO users will have to enter their name, passphrase and select the domain. The domain name can be preset in the policy of the Symantec Encryption Management Server so that the users don't have to enter it manually.  

 

2. Regular passphrase users: All passphrase users will enter their name, passphrase and select This Computer. When Windows is loaded, the users will have to log in to Windows using their SSO password.

 

3. Token users: Token users will have to press F7 and then enter the PIN of the eToken. When Windows is loaded, the users will have to log in to Windows using their SSO password.

Note: It is possible to be an eToken user, log in to the PGP BootGuard and also be automatically logged in to Windows. But this is only supported if the Certificate Enrollment is used. For more information about the Certificate Enrollment please refer to the following KB article. http://www.symantec.com/docs/TECH173970

 

 4. Administrators: If an Administrator passphrase was preconfigured in the policy the Administrators can log in at the bootguard using F5. When Windows is booted the Administrator will have to log in to Windows using his/her SSO password.

 

Note: For more information about the login options of the detailed bootguard screen. Please refer to the following KB article. http://www.symantec.com/docs/TECH171035


 

 

 

Authenticating at the bootguard screen on Windows 8 using BIOS in UEFI mode:

1. For a passphrase user enter the User Name and PGP Passphrase and press Enter.

Options:

Esc will reboot the computer.

F2 allows you can change the language of the keyboard layout.

F3 makes the passphrase visible that you are typing.

F4 opens the help menu of the PGP BootGuard screen.

Note: Using a token for authentication is not currently supported with Windows 8.

 

Authenticating on a Mac OS X system:

 

On a Mac OS X system, only passphrase authentication method is supported.  Users will need to enter their name and passphrase.

 

 

Authenticating on Windows when using Boot Camp:

Users will have to log in using their name, passphrase and then as a domain they will have to select the computer name, which will appear in the drop down menu in the domain field. The option "This Computer" will not work.

It is also possible to switch to the simple PGP BootGuard screen in the policy on the Symantec Encryption Management Server and the users will then only have to enter their passphrase.

Attachments