Skip to main content
Matrix42 Self-Service Help Center

PBA Administration

PBA Administration

Use the Control Center module PBA Administration to configure, re-configure, and administrate the PBA component of Matrix42 Full Disk Encryption.

Modifying PBA

  • If you have not already done so, open the Control Center (as described in Section 1.5).
  • Double-click the PBA Administration icon.
  • The Administration password dialog appears:

clipboard_e21a45e7f38dc918d76d55dd0aa377c1c.png

  • Enter the password and click OK.
  • The PBA Administration dialog appears:

clipboard_e187cdacbc75dda58decbe316b30555f0.png

The options available in each of the tabs above have already been configured during installation. The descriptions for each tab/option can therefore be found in the relevant step in the installation chapter (refer to Related information below).

Related information

Refer to the following sections for further information about the options available for configuration in each of the tabs above:

Option Details

Pre-Boot

This tab allows you to configure the background image, keyboard layout, and Integrity checking used in PBA.

Logfiles

This tab allows you to configure if the PBA should generate log files and if so, the size, filename, and location of the log files.

System locking

 

This tab allows you to configure how many times a user may enter a password incorrectly before being either locked out, or penalized by a time penalty. This locking feature is applicable only to user name/password authentication and not applicable for smartcard PIN.

Users (credentials)

 

This tab allows you to configure which users are allowed to login to PBA using their Windows credentials. If the options are greyed-out, you must uncheck the option Disable PBA in the Pre-boot options tab (and click Apply) before setting this.
The password for PBA must be no longer than 32 symbols.

User name must not contain any of the following characters: / \ [ ] " : ; | < > + = , ? * % @

Users (smartcard)

 

This tab allows you to configure which smart card user is allowed to authenticate to PBA. If the options are greyed-out, you must uncheck the option Disable PBA in the Pre-boot options tab.

For further information, refer to Matrix42 FDE – Installation and Troubleshooting Guide.

HelpDesk key

 

This tab allows you to configure the HelpDesk keys used for communication with a HelpDesk administrator in an emergency scenario.

Once the HelpDesk is configured, you can activate Friendly Network.

For details about Friendly Network, see Matrix42 FDE – Installation and Troubleshooting Guide.

Pre-Boot options

 

This tab allows you to configure user interface options in the PBA such as PIN reset for smart cards, disabling switching between authentication methods, specifying screen resolution, etc.

You can also configure the following options:

  • Disable PBA: temporarily deactivate PBA so that the computer can be rebooted without the need for authentication in the PBA. This can be permanent or configurable for ‘n’ reboots.
  • Reenable PBA after ‘n’ reboots: use this option together with Disable PBA to allow the user/admin to reboot the computer a specific number of times before the PBA is automatically re-enabled.
  • Power off PBA after ‘n’ seconds: set whether the PBA should power off the computer if the PBA is left unattended for a configurable number of seconds.

For details about all options, see Matrix42 FDE – Installation and Troubleshooting Guide.

ERI settings

 

This tab allows you to configure whether the password used to protect ERI files should be used, and if it is used, the minimum number of characters the password should have. If the options are greyed-out, you must uncheck the option Disable PBA in the Pre-boot options tab (and click Apply) before setting this.

Smart card settings

 

This tab allows you to configure which smart card reader and PKCS#11 provider Matrix42 Full Disk Encryption should use for authentication.

For further information, refer to Matrix42 FDE – Installation and Troubleshooting Guide.

Certificates

 

This tab allows you to configure the methods of certificate recognition that are to be used for authentication.

Single sign-on

 

This tab allows you to configure which SSO mechanism Matrix42 Full Disk Encryption is to use. If the options are greyed-out, you must uncheck the option Disable PBA in the Pre-boot options tab.

For further information, refer to Matrix42 FDE – Installation and Troubleshooting Guide.

Perform configuration

 

This tab automatically appears (or is switched to) when you click Apply to transfer any settings to the PBA component. It only displays the status of the data transfer.

If you temporarily disable PBA, no configuration can be performed during this time. If you want to configure the PBA, reactivate it.

If you intend to make configuration changes to PBA and also disable it then this must be done in two steps:

  • Make any configuration changes to PBA (and click Apply)
  • Disable PBA (and click Apply)

Or if the PBA is already deactivated…

  • Reenable PBA (and click Apply)
  • Make any configuration changes (and click Apply)
  • Disable PBA (and click Apply)

Once you have made your selection, click Apply to transfer them to the PBA component. The new settings will be available at the next restart. Click OK to close the PBA administration dialog.

  • Was this article helpful?