Full Disk Encryption Automatic Deployment

If performing automated and mass deployments, use the tools described in Automated Deployments. This section describes automatic deployment information specific to Full Disk Encryption.

Disable Encryption During Deployment

The table below explains how to disable encryption centrally from one of the management consoles. Temporarily disable drive encryption to minimize end user impact and simplify mass deployment. Once device compatibility is confirmed, optionally re-enable encryption.


If you are performing a mass deployment, to simplify installation and minimize user impact, you may want to disable encryption. You can enable encryption at a later time to encrypt all devices simultaneously or when fewer users may be affected.

Depending on your primary management console, do the following to disable encryption during employment.


Policy Setting

PolicyServer MMC

Go to Full Disk Encryption > PC > Encryption > Encrypt Device and select No.

Control Manager

Access a new or existing policy (Policies > Policy Management) and then deselect Encrypt device under Full Disk Encryption.

Full Disk Encryption Script Example

The following is an example script to use for automated deployment. Use Command Line Helper to encrypt necessary credentials, and use Command Builder to generate the deployment script.

For example, the following values are placed into Command Builder:



Enterprise Name






Path to FDE Installer

C:\Program Files\Trend Micro\Full Disk Encryption\TMFDEInstaller.exe

In this example, under Encryption Options, the fields Username and Password are selected.

Output to install Full Disk Encryption:

C:\Program Files\Trend Micro\
Full Disk Encryption\TMFDEInstaller.exe 
ENTERPRISE=MyCompany HOST= PolicyServer.mycompany.com