Re:Many products allow disabling preboot auth (Score 1)

As a pre-sales technician for a company that resells Utimaco software I have never recommended that pre-boot authentication be disabled. I have even had companies request to deploy the the software with pre-boot authentication disabled and refused their requests on the basis that encryption without authentication is futile. With regards to the TFA, the Utimaco software also has a feature which can temporarily disable the pre-boot authentication. The feature is misleadingly called "Wake on Lan support" and enables the computer to boot X number of times without authenticating. Of course this can only be enabled by providing the credentials of an account with suitable rights (ie. not the end user). If this feature is activated it is not possible to log on to computer interactively once Windows has booted. As mentioned in previous comments this feature is necessary in large organizations to enable patch management etc.. It is NOT a backdoor in any way or form.