Showing results for 
Search instead for 
Did you mean: 
Level 7

Removing Autoboot user

We plan to rollout encryption for 100+ devices in few weeks. Instead of giving a default password to login the first time, we are thinking of adding autoboot user and then removing it later once the windows password and SSO gets updated on the endpoint and on the MEE server.

My question is, can we selectively disablesecurity/ remove autoboot user based on if the user updated the windows password. Say for example, if there are 13 (out of 100) laptops not encrypted or if they are encrypted, but waiting for reboot for SSO update.

How can i automatically remove autoboot user on the other 87 machines and leave these 13 machines. Is it wise to do this via enablesecurity & disablesecurity (command using sbadmcl) or can we do it at the MEE server (via adding & removing autoboot user)?

Pls. advise

using MEE version

0 Kudos
3 Replies
Level 21

Re: Removing Autoboot user

You can do it manually via eem or the API (setuser/removeuser) - but how are you going to tell if some other user changed their password or not, and how will they change their password if you're using autoboot mode? SSO won't work with Autoboot - if it did then it would only be setting the details of the autoboot account itself?

You'd be better off looking into AutoDomain I think - I was designed to handle/automate all this deployment stuff.

0 Kudos
Level 7

Re: Removing Autoboot user

Yes, I'm indeed using autodomain script to harvest the cached users and add them to respective machines.

So, if a Laptop-1 and Laptop-2 have autoboot user added to the policy and autodomain script added to the installation set. Can I do the following

Push the installation set with autodomain

Agent installation completes

Autodmain harvest user ids (User-A & User-B) and adds them to Laptop-1

User-A logs in the laptop at the GINA after the encryption installation and reboot

The policy has SSO enabled, so the windows password is updated in the SB filesystem and also synched with the MEE server

The consequent machine reboots does not bring Preboot

One week later, we remove Autoboot user from machine policy

Now when User-A reboots he logs in with the Windows credentials which he/she is familiar with.

Here I only took example fo Laptop-1. Laptop-2 may be lying around not powered on. So how would I remove the autoboot user (after having the knowledge that the laptop is encrypted and SSO updated) from Laptop-1. How would I capture the fact that Laptop-1 indeed had User-A login and update SSO credentials?

That is where I'm stuck....

0 Kudos
Level 15

Re: Removing Autoboot user

You may find out that issues stemming from whole SSO concept, multiple users assigned to each machine and automatic autoboot approach are to complex to handle. Why not to stick to simple and proven approach of single user, default initial password and non-SSO deployment?

0 Kudos