BIOS pre-boot authentication

If the Disk Protection PBA has been installed on a legacy BIOS system, the authentication will work as follows.

Authentication with user name, password and domain name

If you enabled the Local user access or Domain user access (with password) authentication methods in the Pre-boot authentication settings, DriveLock Disk Protection displays the following screen:

If both authentication options Local login and/or Domain user (with password) are enabled, you can switch to the smartcard login screen by pressing the F2 key.

The Domain name field lists all available domains if Domain user access (password) is allowed. The local system name may also be entered in this field. Use the [arrow-up] and [arrow-down] to scroll through the list of available domain names.

In case of consecutive failed pre-boot authentication attempts, the lockout policy is enforced to prevent password guessing. To view details of failed logon attempts and other events use the Windows Event Viewer.

If a user can no longer log on to the system (for example, the user does not remember the correct password), it is possible to start the emergency logon procedure with a user name.

Authentication with smartcard/token and PIN

If the Disk Protection authentication methods Domain user access (with token) or Access with Shared Key are enabled, then the Pre-boot authentication window will look like the one shown below:

If both authentication options Local login and/or Domain user (with password) are enabled, you can switch to the Username/Password/Domain name screen by pressing the F1 key.

At this point, the user can authenticate to the system using their smartcard/token and PIN. Please note that in the case of consecutive failed pre-boot authentication attempts, the lockout policy is enforced to prevent PIN guessing (open the system event log for more details on failed login attempts and other events).

If a user does not remember the correct PIN and therefore cannot log on to the system, the emergency logon procedure for token users can be started.