cancel
Showing results for 
Search instead for 
Did you mean: 

Encryption password not in sync with Network Password

Jump to solution

I have an issue with users changing their Endpoint Encryption Password thinking they have changed their Network Password, and they call in saying that they changed their network password and can not log in to several applications.

Is there a script that I can give users to change their network password when they change their Encryption password ? or a script that can change their Encryption Password when they changes their Network Password ?

1 Solution

Accepted Solutions
Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 11 of 12

Re: Encryption password not in sync with Network Password

Jump to solution

No, it can't be greyed out, but you can disable change by using the "prevent change" user token policy option.

I guess you could move the box outside the bounds of the window by editing the theme file, but we would not want you to do that as it would make you difficult to support.

Your call, but just don't log a ticket asking where the button went...

11 Replies

Re: Encryption password not in sync with Network Password

Jump to solution

This is an age old question for this product. There are also multiple ways to approach this issue. The easiest is to have them change the password with the windows change password dialog. As long as you have SSO configured this will also change their windows password. You could also script the EE password change using the CLI.

Re: Encryption password not in sync with Network Password

Jump to solution

Yes, I know I can do it on command line, but the fact is that i am trying to reduce the number of calls to the help desk because no matter what I do, they are going to continue doing it, and manual interveention is requried.   I was tryiing to find an automatic way to solve this isssue.

Users do not understand. They either change their encryption password thinking this will change their network password, or they change their network password and disconnect the lapotp before it syncs.

Is there any other way ?

thank you....

Re: Encryption password not in sync with Network Password

Jump to solution

The closest thing is EEPC SSO, but you will have to live with problems that SSO produces.

Windows and EEPC have different requirements for password change. I doubt you will ever solve it, unless you make McAfee or MS, to modify their approach on how to change and recover user passwords.

Re: Encryption password not in sync with Network Password

Jump to solution

I just submitted a product enhancement request to add an option to somehow send an ldap command when a user changes their endpoint encryption password.

As soon as the user enters the password and press enter, an ldap command would be executed to change the AD password, which can very easily be done.

Reliable Contributor SafeBoot
Reliable Contributor
Report Inappropriate Content
Message 6 of 12

Re: Encryption password not in sync with Network Password

Jump to solution

Don't you need to know the old password to change the current AD password? What happens if the domain is offline? What happens if the user changes their password in the pre-boot screen?

Re: Encryption password not in sync with Network Password

Jump to solution

Safeboot, please answer your own questions.

Re: Encryption password not in sync with Network Password

Jump to solution

I have found the solution to my SSO problem.

I have disabled the ability for users to change their password on the McAfee Encryption screen forcing them to use the windows change password screen.

This prevents users changing their encryption password thinking they changed their AD password.  Now, the only way they can change their password would be thru windows.

I still have to make sure they do a sync or they will still have a problem.

I have a new question now. How do you gray out the change password option on the McAfee log in screen ?

and second, how do you force a sync immedaitely after they change their password  ?

Message was edited by: mariosanchez on 12/16/10 3:28:28 PM CST

Re: Encryption password not in sync with Network Password

Jump to solution

By disabling the change password option we solve most of your questions. Now, if they are off the domain and the 120 days time out expires, they just have to call in anyway.

Highlighted

Re: Encryption password not in sync with Network Password

Jump to solution

Can the change password button be grayed out on the log in screen ?. I want to prevent users to change their password there, because is causing us problems. Users do not understand that by changing the EEM password, it will not change their AD password.

Please let me know if the option can be greyed out...

Thank you....

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community