Patch Management with Full Disk Encryption

Use the Command Line Helper and DAAutoLogin together to run Windows patch management on devices with Full Disk Encryption installed.

  • Use Command Line Helper to create encrypted values for scripts

    For details, see Using the Command Line Helper.

  • Use DAAutoLogin in various combinations to accomplish different needs

    • After patches are pushed out, call DAAutoLogin inside scripts to:

      • Send a reboot command for the device to display the Windows GINA (graphical identification and authentication) component for confirmation of successful patching
      • Push another round of patches

      For details, see Patching Process for Full Disk Encryption.

    • To streamline the Window update process, use DAAutoLogin to skip the Full Disk Encryption Preboot multiple times

      For details, see Skipping the Preboot Screen.

Note:
  • Make sure to run both tools on a Full Disk Encryption device.

  • Both tools are available in the tools folder of the zip file received from Trend Micro. For assistance, contact Trend Micro Support.

Using the Command Line Helper

Command Line Helper enables encrypted values to pass via the installation script to the Full Disk Encryption preboot and installer. You can manually use Command Line Helper to generate encrypted values of strings for installation scripts or patch management.

  1. Download the Command Line Helper tool and locate the tool in your Endpoint Encryption download folder.

    The Command Line Helper tool is part of the PolicyServer installation package. Go to Trend Micro Download Center, select the Endpoint Encryption, and download the PolicyServer package.

    http://downloadcenter.trendmicro.com/

    The Command Line Helper tool is located in the following directory:

    <download_directory>\TMEE_PolicyServer\Tools\Command Line Helper

  2. Open a command prompt.
  3. Change the directory to the directory of the Command Line Helper tool.

    Example:

    cd C:\TMEE_PolicyServer\Tools\Command Line Helper

  4. Type CommandLineHelper.exe followed by the string that you want to encrypt, and press ENTER.

    Example:

    CommandLineHelper.exe examplepassword

    Tip:

    It may be easier to copy the generated value directly from a text file.

    In that case, the above example would be modified as follows:

    CommandLineHelper.exe examplepassword > file.txt

    The Command Line Helper produces an encrypted string.

Patching Process for Full Disk Encryption

  1. Push patches to targeted Full Disk Encryption devices.
  2. Follow up with a script using DAAutoLogin.
  3. Send a reboot command for the Full Disk Encryption device to load Windows GINA for confirmation of successful patching or to push another round of patches.