Hey there,

I was wondering if anyone had any good solutions for automating software patching of PCs with disk encryption and pre-boot authentication, since rebooting means someone has to be at the PC to enter a password each time the PC boots up.

For our in-office desktops we have an overnight schedule which patches and reboots PCs as needed.

All our laptops have Truecrypt disk encryption with pre-boot authentication, so if KACE had to reboot the PC any number of times, the laptop would get stuck at the Truecrypt pre-boot password screen. We would tell our users to dock their laptops overnight every once in a while, but patching would still get stuck at pre-boot for an encryption password.

I was wondering if anyone has found any other encryption software that is patch/reboot friendly, or if there's a way to keep Truecrypt with pre-boot auth and automate the patching/reboot process.




Community Chosen Answer


Use the command line.


Answered 02/05/2013 by: SMal.tmcc
Red Belt

  • Thanks, but how would I do this? I understand that there is an option to "Mount partition using system encryption without pre-boot authentication," but this only seems to work if I am booted in another operating system and need to mount a partition with pre-boot auth from this other operating system (e.g., if I booted into Linux and wanted to mount a Windows partition that normally has pre-boot auth).

    Am I missing something? How would I use command line to help me with this if I'm trying to mount the drive at boot without pre-boot auth? Would I have to run Truecrypt off its own unencrypted partition at boot and then mount the encrypted drive without preboot auth?
    • You will need to get the OS running then issue the command to mount the truecrypt partition.
      • Just to clarify: I only have a single Truecrypt-encrypted drive w/PBA and a single OS (Win7) on these laptops. Ultimately, I want to be able to let KACE run updates in Windows, then reboot and boot back into the same Windows drive to complete updates.

        I tried to mount the system drive without PBA within TC while booted into Windows and got the notification that I couldn't "mount without PBA for a drive that's currently the system drive."

        If I'm hearing you correctly, are you saying I need to

        1. Boot into Windows normally and issue the command in Truecrypt to run at boot? Then let the computer reboot without PBA? How would I do this?

        2. Are you saying I would need to have a separate partition with a separate OS running Truecrypt to mount without PBA?

        Thanks for your help.
  • Sorry, did not realize you encrypted everything. We only encrypt a second partition.