Showing results for 
Show  only  | Search instead for 
Did you mean: 

Changing SSO Time

We are having an issue at my company with Group Policy Enforcement at the moment (particularly when passwords are due to expire).

Basically we MEE installed and have Single Sign On configured so that the user enters their username and password at the Safeboot Pre-Logon Operating System stage and this is presented to the MsGina and takes them into Windows. The problem is this passes the username and password so quickly to the Windows logon box, that the machine hasn't yet contacted a Domain Controller so people are always logging in with locally stored cached credentials - hence when AD passwords have expired they are not notified and can't print etc.

Does anyone know a way of changing the amount of time (increasing) it takes Safeboot to pass the logon credentials to the Windows dll? I've had a look in the sbgina.ini but nothing jumps out at me

Any help greatly appreciated.

Thanks in advance
2 Replies
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 3

RE: Changing SSO Time

As we simply type things into the box, no there's no capacity to force a delay. We don't do anything a fast user can't do. Perhaps there is a windows setting to wait longer for the network though?

RE: Changing SSO Time

This can be controlled through GPO. The setting is called "Always Wait for the Network at Computer Startup and Logon". It requires that your client is running Windows XP or Windows Vista.

The policy can be found under:
Computer Configuration\Administrative Templates\System\Logon

The description as defined by Microsoft for this policy is:

Determines whether Windows XP waits for the network during computer startup and user logon. By default, Windows XP does not wait for the network to be fully initialized at startup and logon. Existing users are logged on using cached credentials, which results in shorter logon times. Group Policy is applied in the background once the network becomes available.

Note that because this is a background refresh, extensions such as Software Installation and Folder Redirection take two logons to apply changes. To be able to operate safely, these extensions require that no users be logged on. Therefore, they must be processed in the foreground before users are actively using the computer. In addition, changes that are made to the user object, such as adding a roaming profile path, home directory, or user object logon script, may take up to two logons to be detected.

If a user with a roaming profile, home directory, or user object logon script logs on to a computer, Windows XP always waits for the network to be initialized before logging the user on.

If a user has never logged on to this computer before, Windows XP always waits for the network to be initialized.

If you enable this setting, logons are performed in the same way as for Windows 2000 clients, in that Windows XP waits for the network to be fully initialized before users are logged on. Group Policy is applied in the foreground, synchronously.

If you disable or do not configure this setting, Windows does not wait for the network to be fully initialized and users are logged on with cached credentials. Group Policy is applied asynchronously in the background.

Note: If you want to guarantee the application of Folder Redirection, Software Installation, or roaming user profile settings in just one logon, enable this setting to ensure that Windows waits for the network to be available before applying policy.

Note: For servers, the startup and logon processing always behaves as if this policy setting is enabled.
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community