cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Need help trying to disable Drive Encryption Authentication Provider

Jump to solution

Here's my situation.  I am implementing multi-factor authentication for user logins.  We also use EEPC/DE for full disk encryption (now at v7.2).  SSO has always been hit or miss, perhaps due to the requirement to depopulate the username field.  I have written off SSO and am okay with it.

We have been a long time Deepnet Security customer and wanted to use their Windows encryption provider to prompt for a token/FIDO key/etc..  Simple, right?

The product works great on un-encrypted computers.  My DE Product Settings policy has disabled the option for "Provide a single sign-on experience for Drive Encryption users (SSO)." and on the Pre-7.2 screen, Enable SSO is disabled.

What happens is this:

PC boots.  User authenticates at the pre-boot.  WIndows loads.  User is presented with what looks like the Windows credential provider.  (They should have received the Deepnet provider asking for a token code.)  If they lock the screen, the Deepnet provider is there.  If you log off/log on again, you get the Deepnet provider.  Only at boot (when the McAfee SSO bits are trying to work) does it seem to be a problem. 

 

This is what DeepNet support says, and what I am failing to accomplish.:  The solution is to disable the McAfee credential provider.  This will not disable McAffee encryption, but the side effect will be that after the user signs they will need to supply their credentials a second time during DualShield 2fa Sign-On (once during McAffee sign-on, and once during DualShield sign-on).

 

Anyone successfully disabled SSO for DE?  Any advice?

 

Thanks

 

 

 

 

1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: Need help trying to disable Drive Encryption Authentication Provider

Jump to solution

The credential provider serves two funcitons:

1. SSO

2. Password Synchronization between Windows and Preboot

Both of these options must be disabled to disable the credential provider.

View solution in original post

1 Reply
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: Need help trying to disable Drive Encryption Authentication Provider

Jump to solution

The credential provider serves two funcitons:

1. SSO

2. Password Synchronization between Windows and Preboot

Both of these options must be disabled to disable the credential provider.

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community