1 2 3 Previous Next 26 Replies Latest reply on Apr 8, 2010 10:02 AM by SafeBoot

    Autoboot

    gldnju

      Does "Allow Autoboot user to be managed locally" option have to be checked, along with unchecking "Disable checking for Autoboot" for the Autoboot function to work properly?

       

      I created a machine with only having the "Disable checking for Autoboot" unchecked, and it DID NOT bypass PBA.

        • 1. Re: Autoboot
          gldnju

          I apologize, sbadmcl command did not work

          • 2. Re: Autoboot

            Yes it does need to be checked (I believe).

             

             

            on 4/6/10 12:31:57 PM EDT
            • 3. Re: Autoboot

              you need to create and deploy a proper $autoboot$ user as well of course? The options you're toying with only give the 'capacity' to be insecure, they don't make it happen.

               

              the "allow autoboot to be managed locally" etc option enables the disablesecurity command in the api. It's a different way of doing the same thing.

              • 4. Re: Autoboot
                gldnju

                I noticed in SB 4.2, in client file groups, there is a group called Command line files.  I can check this group in the machine file properties.

                 

                In EE 5.2, in client file groups, Command line files group is there, but I CAN'T check on the group in the machine file properties (it's not showing).

                 

                Is this the reason autoboot isn't working?

                • 5. Re: Autoboot

                  no. The api has nothing to do with AutoBoot, it just lets you locally manage it, and I'm doubtful that's what you really want?

                   

                  Best thing would for you to get some professional help - Although technically it's simple to make all your machines boot automatically, the implications, ie not being secure any more, not being protected against data disclosure laws etc, are much bigger and require more thought.

                  • 6. Re: Autoboot
                    gldnju

                    I guess I'm not wording my question correctly.

                     

                    The file group which contains the file SBADMCL.exe, does that need to be added to the machines files to run sbadmcl -command:disablesecurity?

                     

                    If so, does the properties of that file group (with sbadmcl) need to be set to client files or administration system files?

                    • 7. Re: Autoboot

                      you need sbadmcl.exe and sbadmdll.dll to be in the client directory, one way of doing that as you say is to deploy them through EEM. It needs to be client files to appear on the machine properties window.

                      • 8. Re: Autoboot
                        gldnju

                        Ok, got it.

                         

                        In EEM --> System tab --> Endpoint Encryption File groups --> "Command line file group" (the group that contains sbadmcl, sbadmdll.dll and sbadmcom.dll) If I right click on "Command line file group" and select Properties --> click on the Content icon --> under Group Content Types, do I select Client Files or Adminstration System Files, before creating the install set?

                         

                         

                        Message was edited by: gldnju on 4/6/10 1:59:32 PM GMT-05:00
                        • 9. Re: Autoboot

                          as above - if you want to deploy it to a client, give it client file properties.

                          1 2 3 Previous Next