Hi, I am facing some issues with password syncronization in safeboot. Even when a user is changing his windows password, the safeboot password is not changing to match the windows password. The below options are checked in the machine properties: 1)Automatically logon as boot user. 2)set safeboot password to windows password. 3)Must match windows username. We are not using the AD connector and creating users manually when installing the client
Are your users changing their passwords by doing a ctrl+alt+delete and then selecting change password?
Or are they actually logging into windows with the new password?
I think, someone correct me if i am wrong, that SafeBoot only recognizes the new password once windows has been authenticated with the new password.
So for instance. If you have a user setting at the windows login prompt and you change their AD password and then they login to windows with the new password SafeBoot should see that and make the appropriate changes.
If you are already in windows, and you change their password in AD or by the ctrl+alt+delete and then selecting change password method you will need to actually log out and then back in again with that new password before safeboot will see the change.
Again, its been a while since i have setup SSO so someone correct me if i am wrong.
OK so i have been doing some testing. This is what i have come up with.
Machine Properties Check: Set Endpoint Encryption Password To Windows Password Check: Windows Username must match
** If you login to SafeBoot with password1 and then your windows account is flagged to change password on next login and you change your windows password to something different it should automatically change SafeBoot to the same thing instantly.
** If you use the ctrl+alt+del and then choose change password from within Windows the SafeBoot password will not be changed until the next time you reboot, login to SafeBoot with your old password, and then login to Windows with you new password. After this extra reboot step your passwords will match again.
** If you login to SafeBoot with Password1 and then you call your help desk to have your windows password changed to Password2 and then login to Windows with Password2 your SafeBoot will not match until you reboot again, login to SafeBoot with Password1 and then Windows with Password2. After that step, your passwords will match again.
** If you are all the way into Windows and you for some reason would like your password to be changed to something different and call the helpdesk to have this accomplished and they change your AD account, the same steps as the last two bullets apply. you still have to reboot, login to SB with old password, login to Windows with new PW and then at that point you should be matching again on your next reboot.
It appears that the only REAL way to make this efficient is if your account expires and windows forces you to change your PW, at that point it works automatically. Any other method of changing your windows password requires that you reboot, login to Sb with old PW and then into Windows with new PW before they will match. A simple logout of windows and back in does not do the trick.
on a side note, changing your Windows password via OWA or on another machine is not quite the same. The change still must be made on the computer you are working on with SafeBoot before any real changes are made for that particular computer.
User error... has to be. The software doesnt work one way half the time and another way the other half of the time.
Here is what to remember.
When your first boot your laptop, and you first get to your windows logon box, if you logon right there and right there only with a password different than what you just logged into safeboot with, the change happens instantly and automatically.
The ONLY place safeboot flags this change is on the original first boot windows logon box.
If you change your windows password anywhere else, it doesnt take effect until you reboot, and login to windows from the start with the new password.
If you are having issues with only a handful of people, then those people are probably doing something wrong.
it is a very specific thing and unfortunatley there are a zillion different ways to reset windows passwords. It would be nice if SafeBoot could be flagged anytime and anywhere the windows password was changed but to my knowledge there isnt such a thing.
Yes there are so many things that could cause it to not quite work right, but in any case, it should always act the same on all computers given that the actions taken by the end user are always the same.
Any change in any variable can cause different results.