This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tuyen_Van_Huy
Participant
‎2020-02-10 05:17 AM

Checkpoint Endpoint - Preboot

Dear team,

After installing checkpoint endpoint, I rename my computer, and join domain. But it doesn't update on the pre-boot screen. Please help me to fix it.

Thank you!

Capture.PNG

Preview file
52 KB
0 Kudos
6 Replies
G_W_Albrecht
Legend Legend
Legend
‎2020-02-10 06:39 AM

I would involve TAC here !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
J_B
Collaborator
‎2020-02-10 08:10 AM

Is it just a problem on this one machine, or more than one?

I'd check a few basic things to begin with....

Is your Organization Scanner running within SmartEndpoint and can you see your machine under Users and Computers? 

Do you have specific FDE policies setup on the OU that your machine resides in, or is it picking up the Default policy?

Does the machine get all the latest policies when you do an update now on the client machine?

 

Tuyen_Van_Huy
Participant
‎2020-02-10 07:05 PM
In response to J_B

Dear guy,
- Is your Organization Scanner running within SmartEndpoint and can you see your machine under Users and Computers? -> Yes.
- Do you have specific FDE policies setup on the OU that your machine resides in, or is it picking up the Default policy? -> I try to test by changing some policies.
- Does the machine get all the latest policies when you do an update now on the client machine? -> Yes.
0 Kudos
J_B
Collaborator
‎2020-02-11 01:13 AM
In response to Tuyen_Van_Huy

Normally I would add the computer to the domain first and then install checkpoint after that.

Sometimes when we see strange things happening with clients, such as not being able to download updated policies etc, we rerun the checkpoint installer on the machine and that sorts it, you could try that.

Tuyen_Van_Huy
Participant
‎2020-02-11 08:38 AM
In response to J_B

It's very hard to operate :(. Please help me to give some experiences about FDE and Media & Port encryption
0 Kudos
mdjmcnally
Advisor
‎2020-02-11 10:55 AM
In response to Tuyen_Van_Huy

Well the way that rolls out here where i work is via SCCM

 

Machine boots and is picked up that re-images

Connects with the SCCM and starts to clean install Windows Image as part of which joins the domain

Then it installs the Deployment Agent so already domain joined when deployed the agent.

 

After imaging the the DA communicates with the Endpoint Server and pulls down appropriate blades and policies using the deployment policies.

Other places I knew included the FDE Blade in the SCCM installation package

 

You really need to have the FDE policy in place before putting the Blades on machines, things like password sync if synching your pre-boot and windows login etc.

Not everyone does this as they specifically require seperate logins 

 

I believe that this also makes a difference in terms of machine id and the recovery file that should be used to decrypt the box if neccessary.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events