Use the Command Line Helper and DAAutoLogin together to run Windows patch management on devices with Full Disk Encryption installed. Command Line Helper creates encrypted values for scripts and DAAutoLogin grants a one-time bypass of the Full Disk Encryption Preboot.
Use DAAutoLogin in various combinations to accomplish different needs. Patches can be pushed out, and followed by a script using DAAutoLogin to send a reboot command for the device to display the Windows GINA for confirmation of successful patching or to another round of patches can be deployed.
DAAutoLogin accepts the following switches:
DAAutoLogin <pre-boot Username> <pre-boot Password> [<Domain Name> <Domain Username> <Domain Password>]
Each required value can be passed and separated with a space. Adding in the domain switches allows for Windows authentication.
Make sure to run both tools on a Full Disk Encryption device.
Both tools are available in the tools folder of the zip file received from Trend Micro. For assistance, contact Trend Micro Support.
Command Line Helper enables encrypted values to pass via the installation script to the Full Disk Encryption preboot and installer. You can manually use Command Line Helper to generate encrypted values of strings for installation scripts or patch management.
The Command Line Helper tool is part of the PolicyServer installation package. Go to Trend Micro Download Center, select the Endpoint Encryption, and download the PolicyServer package.
The Command Line Helper tool is located in the following directory:
<download_directory>\TMEE_PolicyServer\Tools\Command Line Helper
cd C:\TMEE_PolicyServer\Tools\Command Line Helper
It may be easier to copy the generated value directly from a text file.
In that case, the above example would be modified as follows:
CommandLineHelper.exe examplepassword > file.txt
The Command Line Helper produces an encrypted string.