This may be asimple question but here goes anyway. If the object database uses the Active Directory connector. Will the password sync as well? For example when user A changes his Windows password on a desktop not using SafeBoot then later logs into his laptop, will single sign-on work (assuming the laptop is in contact with the object database)?
Hi LMS44 - welcome to the forums happy The password will never synchronize between AD and SafeBoot. If configured to do so, the password will synch between the SafeBoot client and the SafeBoot database, however. The benefit of this is that if you encrypt another system for the same user, it'll bring down his "current" password and not reset it back to 12345 or your specific default on the new system. If the user has multiple encrypted systems, it will keep those in synch, so long as they're on the network to get the updates from the SafeBoot Database.
The downfall is that if a user uses a system and then doesn't get back to it for 180 days or so, he may not remember his "old" password, and it wont be using the AD password either. It all depends on your environment.
The AD connector can't sync the users password, for a start, the AD doesn't know what it is (only a one-way hash, which is not accessible anyway).
so no, if you change your password on a client without Endpoint Encryption for PC's on it, the system won't know about this change until SSO fails (with the wrong credentials). THEN we'll pick up the change.
Thanks for the information. It is a problem with us as we have about 50 users that have laptops as well as desktops. The laptops only occasionally connect to the network and since we are required to change passwords every 60 days the passwords are always out of sync. We added local accounts on the laptops as a stop gap measure but obviously that is not very secure. Sounds like this would exacerbate our problem. sad