Slowly getting to know ZENworks offered encryption possibilities.
So in testing process arose few question about ZENworks encryption.

First let's see what have I done so far:

1) FDE without PBA user:
FDE applied on computer HDD. Encryption process encrypted HDD.
When Windows OS loads, it decrypt HDD and user can log into local user.
User does not even know, that there is FDE enabled on there computer....
2) FDE with PBA user:
I create FDE policy, where i can indicate what PBA user should be:
Example: Username Janis_Abolins, Password *********
User cant change those authentification crendentials.
Everytime user needs to point those crendentials, before he can load Windows OS and log into computer.
3) FDE with PBA user+capturing
When FDE is applied on computer, it restarts system.
When local user logs in, ZENworks encryption agent creats(Capture User) from those crendentials PBA user.
If my local user was Janis_Abolins with pasword 1234qwer, it creates PBA user Janis_Abolins with password 1234qwer.
Password syhronisation happens, when local user changes password:
*After password for local user is changed, you need to restart pc.
*At Pre-boot login screen you will need to use old PBA user password.
*Then log into local user with new password.
*Then ZENworks encryption agent sync passwords.

How secure is simply encrypted HDD with ZENworks FDE without PBA user? Try to mount HDD to other system - It shows file system is not recognize and asks to formate HDD. But is it secure enough?

Is it possible to make ZENworks encryption agent synhronize passwords between PBA user and Local User in process when local user changes his local user password? Whitout restarts, relogins etc...

What exactly is writen down in ERI file? Hardware id?

Best Regards,
Janis Abolins