PBA Administration
PBA Administration
Use the Control Center module PBA Administration to configure, re-configure, and administrate the PBA component of Matrix42 Full Disk Encryption.
Modifying PBA
- If you have not already done so, open the Control Center (as described in Section 1.5).
- Double-click the PBA Administration icon.
- The Administration password dialog appears:
- Enter the password and click OK.
- The PBA Administration dialog appears:
The options available in each of the tabs above have already been configured during installation. The descriptions for each tab/option can therefore be found in the relevant step in the installation chapter (refer to Related information below).
Related information
Refer to the following sections for further information about the options available for configuration in each of the tabs above:
Option | Details |
---|---|
Pre-Boot |
This tab allows you to configure the background image, keyboard layout, and Integrity checking used in PBA. |
Logfiles |
This tab allows you to configure if the PBA should generate log files and if so, the size, filename, and location of the log files. |
System locking
|
This tab allows you to configure how many times a user may enter a password incorrectly before being either locked out, or penalized by a time penalty. This locking feature is applicable only to user name/password authentication and not applicable for smartcard PIN. |
Users (credentials)
|
This tab allows you to configure which users are allowed to login to PBA using their Windows credentials. If the options are greyed-out, you must uncheck the option Disable PBA in the Pre-boot options tab (and click Apply) before setting this. User name must not contain any of the following characters: / \ [ ] " : ; | < > + = , ? * % @ |
Users (smartcard)
|
This tab allows you to configure which smart card user is allowed to authenticate to PBA. If the options are greyed-out, you must uncheck the option Disable PBA in the Pre-boot options tab. For further information, refer to Matrix42 FDE – Installation and Troubleshooting Guide. |
HelpDesk key
|
This tab allows you to configure the HelpDesk keys used for communication with a HelpDesk administrator in an emergency scenario. Once the HelpDesk is configured, you can activate Friendly Network. For details about Friendly Network, see Matrix42 FDE – Installation and Troubleshooting Guide. |
Pre-Boot options
|
This tab allows you to configure user interface options in the PBA such as PIN reset for smart cards, disabling switching between authentication methods, specifying screen resolution, etc. You can also configure the following options:
For details about all options, see Matrix42 FDE – Installation and Troubleshooting Guide. |
ERI settings
|
This tab allows you to configure whether the password used to protect ERI files should be used, and if it is used, the minimum number of characters the password should have. If the options are greyed-out, you must uncheck the option Disable PBA in the Pre-boot options tab (and click Apply) before setting this. |
Smart card settings
|
This tab allows you to configure which smart card reader and PKCS#11 provider Matrix42 Full Disk Encryption should use for authentication. For further information, refer to Matrix42 FDE – Installation and Troubleshooting Guide. |
Certificates
|
This tab allows you to configure the methods of certificate recognition that are to be used for authentication. |
Single sign-on
|
This tab allows you to configure which SSO mechanism Matrix42 Full Disk Encryption is to use. If the options are greyed-out, you must uncheck the option Disable PBA in the Pre-boot options tab. For further information, refer to Matrix42 FDE – Installation and Troubleshooting Guide. |
Perform configuration
|
This tab automatically appears (or is switched to) when you click Apply to transfer any settings to the PBA component. It only displays the status of the data transfer. |
If you temporarily disable PBA, no configuration can be performed during this time. If you want to configure the PBA, reactivate it.
If you intend to make configuration changes to PBA and also disable it then this must be done in two steps:
- Make any configuration changes to PBA (and click Apply)
- Disable PBA (and click Apply)
Or if the PBA is already deactivated…
- Reenable PBA (and click Apply)
- Make any configuration changes (and click Apply)
- Disable PBA (and click Apply)
Once you have made your selection, click Apply to transfer them to the PBA component. The new settings will be available at the next restart. Click OK to close the PBA administration dialog.