Patch management and wake-on-LAN support with Full Disk Encryption (FDE)

    • Updated: 17 Jul 2014
    • Product/Version:
        Endpoint Encryption 3.0 Full Disk Encrypti
        Endpoint Encryption 3.1 Full Disk Encrypti
        Endpoint Encryption 5.0
    • Platform:
        Windows 7 32-bit
        Windows 8 32-bit
        Windows 8 64-bit
        Windows XP SP3 32-bit
Summary
This article addresses patch management and wake-on-LAN on FDE.
Details
Endpoint Encryption does not support true wake-on-LAN requests because doing so may expose the pre-boot to repeated brute-force attacks. This enhancement request is being reviewed by product management and is under consideration for a future release.
You can, however, perform patch management on FDE-protected machines by using Command Line Helper and DAAutoLogin.
Below are the recommended steps for performing patch management:
  1. Push your patches to the targeted machines.
  2. Follow up with a script using DAAutoLogin.
  3. Send a reboot command so the machine comes back up to the Windows GINA for confirmation of successful patching or to push another round of patches.
Command Line Helper
The Command Line Helper tool enables you to pass encrypted values via your script to the FDE pre-boot. This tool must be run on a machine where FDE is installed. Command Line Helper is available in the tools folder of your downloaded zip file.
  1. Copy CommandLineHelper.exe locally to the machine where FDE is installed.
  2. Open a command window.
  3. Enter C:\CommandLineHelper.exe EncryptedValue (where EncryptedValue is the User ID or Password you want to use).
  4. If you want an encrypted User Name and Password, you must run CommandLineHelper.exe two times and give it each value separately.
    For example, if your User Name is SMSUser, your command line helper string should read:
    C:\CommandLineHelper.exe SMSUser
  5. Press Return to display an encrypted value such as =d8nDpqdTnmFK0JVUWnleJwI=. Perform the same test for your User Name.
DAAutoLogin
DAAutoLogin grants a one-time bypass of the FDE pre-boot. It can be used in various combinations to meet different needs. Its most common use is to bypass the pre-boot after the initial installation; this is done during off-hours so the machine can begin encrypting in the background without disrupting the end user.
The other recommended use of this tool is patch management. Patches can be pushed out and followed up with a script that uses DAAutoLogin and then sends a reboot command, so the machine comes back up to the Windows GINA for confirmation of successful patching or to push another round of patches. DAAutoLogin is available in the tools folder of your downloaded zip file.
DAAutoLogin accepts the following switches:
DAAutoLogin <pre-boot Username> <pre-boot Password> [<Domain Name> <Domain Username> <Domain Password>]
Pass each required value separated by a space. Adding the domain switches allows you to log in to Windows with the information provided.
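
Steps 2 and 3 of the patch procedure above, as an added PowerShell example (not Trend Micro's own script). The tool path, the credential file location and its two-line layout, and the meaning of a non-zero exit code are assumptions; the two values are the encrypted strings produced by CommandLineHelper.exe.

```powershell
# Added example, not vendor code. Run after the patches have been pushed (step 1).
# Assumptions: tool path, credential file path and layout (line 1 = encrypted
# pre-boot user name, line 2 = encrypted pre-boot password, both produced by
# CommandLineHelper.exe), and that a non-zero exit code means failure.
param(
    [string]$ToolPath = 'C:\Tools\DAAutoLogin.exe',
    [string]$CredFile = 'C:\ProgramData\PatchMgmt\preboot.txt',
    [int]$RebootDelaySeconds = 60
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $ToolPath -PathType Leaf)) {
    throw "DAAutoLogin not found at $ToolPath"
}

# The encrypted values are accepted in place of the credentials, so the file
# must not be readable by ordinary users (group names are for English Windows).
$acl = Get-Acl -LiteralPath $CredFile
$broad = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference.Value -match '^(Everyone|BUILTIN\\Users|NT AUTHORITY\\Authenticated Users)$'
}
if ($broad) {
    throw "$CredFile is readable by a broad group; tighten its ACL before use"
}

$values = @(Get-Content -LiteralPath $CredFile | Where-Object { $_.Trim() })
if ($values.Count -ne 2) {
    throw "Expected 2 non-empty lines in $CredFile, found $($values.Count)"
}

# Step 2: arm the one-time pre-boot bypass. The values are passed as separate
# arguments and are never written to the log line below.
& $ToolPath $values[0].Trim() $values[1].Trim()
if ($LASTEXITCODE -ne 0) {
    throw "DAAutoLogin exited with code $LASTEXITCODE; reboot not scheduled"
}
Write-Output "$(Get-Date -Format s) one-time pre-boot bypass armed on $env:COMPUTERNAME"

# Step 3: reboot so the machine returns to the Windows logon screen.
& shutdown.exe /r /t $RebootDelaySeconds /c 'Patch maintenance reboot'
```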
Category: Configure; Troubleshoot; Deploy; Install; Upgrade
Solution Id: 1059813