If performing automated and mass deployments, use the tools described in Automated Deployments. This section describes automatic deployment information specific to Full Disk Encryption.
Disable Encryption During Deployment
The table below explains how to disable encryption centrally from one of the management consoles. Temporarily disable drive encryption to minimize end user impact and simplify mass deployment. Once device compatibility is confirmed, optionally re-enable encryption.
If you are performing a mass deployment, to simplify installation and minimize user impact, you may want to disable encryption. You can enable encryption at a later time to encrypt all devices simultaneously or when fewer users may be affected.
Depending on your primary management console, do the following to disable encryption during employment.
|
Console |
Policy Setting |
|---|---|
|
PolicyServer MMC |
Go to and select No. |
|
Control Manager |
Access a new or existing policy () and then deselect Encrypt device under Full Disk Encryption. |
Full Disk Encryption Script Example
The following is an example script to use for automated deployment. Use Command Line Helper to encrypt necessary credentials, and use Command Builder to generate the deployment script.
For example, the following values are placed into Command Builder:
|
Hostname |
PolicyServer.mycompany.com |
|
Enterprise Name |
MyCompany |
|
Username |
GroupAdministrator |
|
Password |
123456 |
|
Path to FDE Installer |
C:\Program Files\Trend Micro\Full Disk Encryption\TMFDEInstaller.exe |
In this example, under Encryption Options, the fields Username and Password are selected.
Output to install Full Disk Encryption:
C:\Program Files\Trend Micro\ Full Disk Encryption\TMFDEInstaller.exe ENTERPRISE=MyCompany HOST= PolicyServer.mycompany.com eUSERNAME==jJUJC/Lu4C/Uj7yYwxubYhAuCrY4f7AbVFp5hKo2PR4O ePASSWORD==5mih67uKdy7T1VaN2ISWGQQ=