We are using B5500 and I would like to remove the change password checkbox from both the preboot and idle/locked logon dialog boxes. The preboot can be fudged by editing the graphics.ini for the appropriate theme but the idle/locked looks to be controlled files in the application directory, SBGINA.ini ?
The reason behind this is that users are getting confused, expecting their Windows credentials to be updated. I would like to remove this option and have the change driven by ctrl+alt+del and Helpdesk if a synch issue exists.
I suppose an alternative would be for the check box to trigger the Windows Change password dialog but I am going to guess that would be trickier than the cosmetic changes i am currently looking into.
I am going through the admin guides but ideas/help would be great
Thanks this would stop the users changing the SafeBoot password displaying "Password change is disabled message" when attempted but still leaves the checkbox which will confuse some of our users and engineers
Have you considered creating a "How To" document for SafeBoot/MEEPC and making it available on your intranet web site? I'm sure you mean well when you try to hide everything from the users, but a little education can go a long way. You could even e-mail all SB/MEE users with a link to the document, print them a copy (to hand out when they get a laptop), or drop a How-To document (and desktop shortcut) into their client file set.
We do preinstall communication which includes a document covering why the product is being installed, the changes which will occur and what to do if there is a problem, this is also copied to our intranet. An engineer then visits to do each setup to answer questions, check that the client can login ok and the install works fine. Maybe not the most efficient means of installation but we are happy to phase our 1200 installs over the next 6 months.
My concern with producing documents is that there are hundreds of IT related documents on our intranet and the client can become numb to the information given. My hope is to keep things as simple as possible for the user and in this case that means not having to understand that there are two authentication databases. This isn’t a major requirement but in my opinion having an option to disable password changes would be complimented by having an option to remove the check box from the gui. I’ll go with disabling the user’s ability to change password and see if I can customise the error message to say that password changes should be done via the windows ctrl + alt + delete dialog.
Hmm, I haven't tried it yet but perhaps modifying SBErrors.xml, error e0010016 to change the error? I agree completely - our users have enough (days) worth of IT Training and Documentation for all the different systems they need to use - if we can make it easier by disabling / hiding things, we should.
I believe commenting it out would only send it to default location. You could instead move it behind another window or out of bounds of the window.
If such a feature were to be introduced, it would be a machine policy and not a user policy. If you ever had a mixed environment where some can and some can't change their password, the behavior would be by machine settings and not user flags.
Sorry to bring back an old topic, but I think I've found the solution. In the graphics.ini file, change all the lines starting with ChangePwdButton.Rect= to ChangePwdButton.Rect=0,0,0,0 which essentially says to draw this box from position 0,0 to position 0,0 (making it invisible).
I'll have to go back later this week to make sure this is how I accomplished this. If it is, I'll write up a step-by-step to exporting the file from the database, making the changes, and reimporting the file back into the database.