cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Need help trying to disable Drive Encryption Authentication Provider

Jump to solution

Here's my situation.  I am implementing multi-factor authentication for user logins.  We also use EEPC/DE for full disk encryption (now at v7.2).  SSO has always been hit or miss, perhaps due to the requirement to depopulate the username field.  I have written off SSO and am okay with it.

We have been a long time Deepnet Security customer and wanted to use their Windows encryption provider to prompt for a token/FIDO key/etc..  Simple, right?

The product works great on un-encrypted computers.  My DE Product Settings policy has disabled the option for "Provide a single sign-on experience for Drive Encryption users (SSO)." and on the Pre-7.2 screen, Enable SSO is disabled.

What happens is this:

PC boots.  User authenticates at the pre-boot.  WIndows loads.  User is presented with what looks like the Windows credential provider.  (They should have received the Deepnet provider asking for a token code.)  If they lock the screen, the Deepnet provider is there.  If you log off/log on again, you get the Deepnet provider.  Only at boot (when the McAfee SSO bits are trying to work) does it seem to be a problem. 

 

This is what DeepNet support says, and what I am failing to accomplish.:  The solution is to disable the McAfee credential provider.  This will not disable McAffee encryption, but the side effect will be that after the user signs they will need to supply their credentials a second time during DualShield 2fa Sign-On (once during McAffee sign-on, and once during DualShield sign-on).

 

Anyone successfully disabled SSO for DE?  Any advice?

 

Thanks

 

 

 

 

1 Solution

Accepted Solutions
McAfee Employee jhall2
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: Need help trying to disable Drive Encryption Authentication Provider

Jump to solution

The credential provider serves two funcitons:

1. SSO

2. Password Synchronization between Windows and Preboot

Both of these options must be disabled to disable the credential provider.

1 Reply
McAfee Employee jhall2
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: Need help trying to disable Drive Encryption Authentication Provider

Jump to solution

The credential provider serves two funcitons:

1. SSO

2. Password Synchronization between Windows and Preboot

Both of these options must be disabled to disable the credential provider.

Member Rewards
McAfee Community rewards active and helpful members just like you. Click here to take a look at the first community members who received a special reward and were recognized by McAfee leader, Aneel Jaeel, for their participation and trusted knowledge in the community.