1281 How to apply Patches (e.g. system updates, application updates, etc.) to Pre-Boot-protected devices encrypted with SecureDoc


Scenario:
Having encrypted computers' hard drives so that they comply with the FIPS 140-2 standard, SecureDoc Administrators will normally protect such devices by enabling the SecureDoc Pre-Boot environment. Pre-Boot stops the machine just after the BIOS POST and requires the user to authenticate to their key file before the decryption process can begin and the operating system can load.
Assuming the organization needs to patch these machines using SCCM, SMS, Tivoli or similar software distribution/management tools, how is that possible if the device requires authentication at pre-boot before the operating system can load?

Solution:
The SES Administrator will need to enable the ‘Auto-boot’ feature within the SecureDoc Enterprise Server.
This feature allows SCCM/SMS/Tivoli packages to run, install and reboot the machine, either any number of times or up to a specified maximum number of times, within a specific timeframe defined by the SES Administrator. During that timeframe, the selected client devices can be booted up to the Windows Logon screen, temporarily bypassing the Pre-Boot authentication screen. Once at the Windows Logon screen, the "listener" service that can react to software distribution tools like SCCM/SMS will be active and accessible to those tools.

Once the SCCM/SMS packages are finished and the devices fully patched, the ‘Auto-boot’ feature can be disabled, and the Pre-Boot screen will once again appear.

NOTE:
All information, such as when the ‘Auto-boot’ feature was enabled, by whom, and how many times the machine has been rebooted, is logged within the SecureDoc Management Console.
NOTE: It is also possible to script enabling the ‘Auto-boot’ feature into the SCCM/SMS script if needed. See the SES User Guide documentation index; search for SDUtil and SDBat.

For a full treatment of this topic, the reader is encouraged to review the SES User Guide documentation. See the Index for references to ‘Auto-boot’, as this will provide guidance on the variety of options available when using the Auto-boot feature.

Version:
Affects all versions of SD