Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Checkpoint Endpoint - Preboot

Dear team,

After installing checkpoint endpoint, I rename my computer, and join domain. But it doesn't update on the pre-boot screen. Please help me to fix it.

Thank you!

Capture.PNG

0 Kudos
6 Replies
Highlighted
Sapphire

I would involve TAC here !

Highlighted
Nickel

Is it just a problem on this one machine, or more than one?

I'd check a few basic things to begin with....

Is your Organization Scanner running within SmartEndpoint and can you see your machine under Users and Computers? 

Do you have specific FDE policies setup on the OU that your machine resides in, or is it picking up the Default policy?

Does the machine get all the latest policies when you do an update now on the client machine?

 

Highlighted

Dear guy,
- Is your Organization Scanner running within SmartEndpoint and can you see your machine under Users and Computers? -> Yes.
- Do you have specific FDE policies setup on the OU that your machine resides in, or is it picking up the Default policy? -> I try to test by changing some policies.
- Does the machine get all the latest policies when you do an update now on the client machine? -> Yes.
0 Kudos
Highlighted
Nickel

Normally I would add the computer to the domain first and then install checkpoint after that.

Sometimes when we see strange things happening with clients, such as not being able to download updated policies etc, we rerun the checkpoint installer on the machine and that sorts it, you could try that.

Highlighted

It's very hard to operate :(. Please help me to give some experiences about FDE and Media & Port encryption
0 Kudos
Highlighted
Silver

Well the way that rolls out here where i work is via SCCM

 

Machine boots and is picked up that re-images

Connects with the SCCM and starts to clean install Windows Image as part of which joins the domain

Then it installs the Deployment Agent so already domain joined when deployed the agent.

 

After imaging the the DA communicates with the Endpoint Server and pulls down appropriate blades and policies using the deployment policies.

Other places I knew included the FDE Blade in the SCCM installation package

 

You really need to have the FDE policy in place before putting the Blades on machines, things like password sync if synching your pre-boot and windows login etc.

Not everyone does this as they specifically require seperate logins 

 

I believe that this also makes a difference in terms of machine id and the recovery file that should be used to decrypt the box if neccessary.