Hi, We are currently looking at deploying MEE v 5,1,8,0 Build 5600. We want the users password to be at least 8 characters long and consist of at least 1 number and letters.
For each user, on group and user level i have set the password template to be between 8 and 40 characters and also tried setting 8 alphanumeric and 0 for the other options. Also tried 1 for numeric and left the other at 0, but whatever i seem to enter the user can still reset their password to whatever they desire, even after succesful sync?
Has anyone else come across this, or can anyone point me in the direction for setting the policy as required above??
If you can manage this through AD or whatever your authentication mechanism is, I'd recommend doing it that way. By doing it in the true authentication system, not only are your encrypted users forced into this, but also your unencrypted ones as well. You should not be using both policies since if a user can meet one but not the other you have all kinds of out of sync issues.
For example, AD says everything is wide open, but MEE says at least 10 characters. User logs in and resets their AD password - which is successful - but MEE will reject the new password and now the user has one MEE password and one AD password.
We cannot use the SSO feature within our Organisation due to the AD structure we currently have. Obviously we need to have s ecure password for EE, hence why we are trying to set it up with these rules, and not just leaving it open to simple passwords.
OK, we have chosen not to use the SSO feature as it can cause issues as our users are not static on one device. If these are then out of sync the user would ahve password reset for EE and then the windows logon would be different. The EE SSO details would then be wrong again when you go back to the original device. We are intially only rolling this out to about 1000 staff but can still cause big issues. Hence why we want to use independant passwords.
fair enough. You'll be the only customer not using SSO though so please be sure to tell our support teams when you call in, it's kind of assumed nowadays since no one else has implemented without SSO probably for years.
Yeh, but only once the device is through the preboot screen? Our problem is that staff may only use laptops occasionally and would cause issues with them not being fully synchronised.
From what i understand of organisations around us, alot of them haven't implemented SSO unless that user is tied to that specific laptop - or that they are on at the same time.
I did wonder whether it was possible to pass through the pre boot log on and the require authentication whilst the device is on the network again, but obviously that would eliminate the security of having the device encrypted.
Is it possible to have a 'last sync' message on the preboot log on?