Administrator Guide

Table Of Contents

PBA Device Control

PBA Device Control applies to endpoints encrypted with SED or Full Disk Encryption.

Use PBA Device Control

PBA commands for a specific endpoint are carried out in the PBA Device Control area. Each command has a priority ranking.

A command with a higher priority rank cancels commands of lower priorities in the enforcement queue. For a list of command

priority rankings, see AdminHelp available by clicking the ? in the Remote Management Console. The PBA Device Controls are

available on the Endpoint Details page of the Remote Management Console.

The following commands are available in PBA Device Control:

● Lock - Locks the PBA screen and prevents any user from logging into the computer.

● Unlock - Unlocks the PBA screen after it has been locked on this endpoint, either by sending a Lock command or by

exceeding the maximum number of authentications attempts allowed by policy.

●

Remove Users - Removes all users from the PBA.

● Bypass Login - Bypasses the PBA screen one time to allow a user into the computer without authenticating. The user will

still need to login to Windows after PBA has been bypassed.

● Wipe - The Wipe command functions as a “restore to factory state” for the encrypted drive. The Wipe command can

be used to re-purpose a computer or, in an emergency situation, wipe the computer, making the data permanently

unrecoverable. Ensure that this is the desired behavior before invoking this command. For Full Disk Encryption, the Wipe

command cryptographically erases the drive and the PBA is removed. For SED, the Wipe command cryptographically erases

the drive and the PBA displays "Device Locked". To re-purpose the SED, remove the PBA with the SED Recovery app.

46 PBA Device Control