CUMC Home | Columbia University | Jobs at CUMC | Contact CUMC | Find People
Columbia University Medical Center logo,  Columbia University Medical Center Information Technology
For support: call extension 5-Help (212-305-4357) or email us

Registering and Using Pre-Boot Authentication on Symantec Endpoint Encryption

Pre-boot authentication (PBA) is required on CUMC computers (including personally owned) that store or access sensitive data. Please see CUMC Encryption requirements for full information.

Verifying or Requesting Pre-boot Authentication with SEE
Compatible laptops that were imaged by CUMC IT Desktop staff will have pre-boot authentication enabled. Simply follow the instructions below to finish setting up PBA.

IMPORTANT: Computers that have installed SEE from the online form will not automatically use pre-boot authentication; if you do not see the Symantec Endpoint Encryption login screen (or GuardianEdge screen for computers running the prior version of SEE) pictured below when your computer starts up, PBA is not running.

SEE PBA Splash Screen  SEE PBA Splash Screen
Click either picture for a larger image

Basic information about the computer and user must be added on the Symantec Endpoint Encryption server by CUMC IT to enable PBA; once completed (typically remotely) the computer will prompt for registration and begin using pre-boot authentication as detailed below.

To request that PBA is enabled on a computer(s) running SEE or GE please call 5-Help or email with the following information*:
  1. Your contact information - name, UNI, phone number and email
  2. Whether the computer is a laptop or desktop.
  3. The Computer name or hostname - click here to view instructions on finding this information.
A CUMC IT technician will respond to your request after a short period of time to inform you of any further steps that may be required to enable PBA.
* If you are installing SEE on multiple computers please include the above information for each system, including each computer user's contact information. It is ok to send the information in advance.

Registering SEE Pre-Boot Authentication on Your Computer

  1. Once you have received your computer with SEE PBA enabled, or had a CUMC IT technician enable PBA, you will see a prompt to register for Symantec Endpoint Encryption after you first login to the computer. Click the Register Now button.
    NOTE: Please click here for instructions on SEE PBA registration on a shared computer.

    SEE Register Prompt

  2. The Symantec Endpoint Encryption Registration - Single Sign-On window will appear. Click the Next button.

    SEE Register Single Sign On Window

  3. In the Registration - Authenti-Check® window that appears, type in three security questions of your choice and their corresponding answers.
    • If you forget your SEE pre-boot authentication password, the computer will prompt you to answer these questions.
      IMPORTANT: answers are case sensitive, be sure that you will remember any upper vs lower-case letters when you create and type in your answers.
    • Create questions that you will be easy for you to answer but difficult for others to guess.
    • If you have a difficult time coming up with your own questions click here for examples.

    SEE Security Question Entry Fields

  4. Click the Next button in the lower right corner of the window when you have finished entering the security questions and answers.
  5. You will see a message that your Symantec Endpoint Encryption user account is now active. Select the Finish button to to close SEE PBA registration.

    SEE Registration

Logging in to a SEE Pre-boot Authentication Enabled Computer
  1. When the computer first starts up, you will see the Symantec Endpoint Encryption splash screen. Press the following three keys on on your keyboard at the same time: Ctrl Alt Delete

    Symantec Endpoint Encryption Pre-boot Authentication Splash Screen

  2. The Symantec Endpoint Encryption Logon window will appear. Type in the following:
    • User name: your computer login/MC Domain account (typically your UNI)
    • Password: your login account's password
    • Make sure the Domain drop down menu has MC selected

    SEE Pre-boot Authentication Login Window

  3. The computer will finish starting up and automatically log you in to Windows; no other login screen will appear.
  4. IMPORTANT: In the future if your MC password is reset or changed, the Symantec Endpoint Encryption Logon will not automatically recognize this and you will need to continue using your old password at the SEE prompt. See the Synchronize your SEE and MC Account Passwords page for details and instructions on manually synchronizing SEE with your new MC password.
What if I am sharing a computer?

Once a computer has a SEE Pre-boot Authentication account created on it, you will not see the Windows login screen or be able to create your own account without having the existing SEE PBA account holder log in first. See the NOTE under step 1 at the top of this page for full instructions.

| TOP |

Last updated 10/28/2014