Showing results for 
Show  only  | Search instead for 
Did you mean: 
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 11 of 15

RE: Gina Fix

This information about the smartcard readers is good stuff. Thanks all for the info. Generally when we have problems with the GINA chain, we have to tweak things manually (as suggested above) or modify the SBGINA.INI file which can be found in your client's application directory. This file controls how our software passes credentials (or pushes buttons) in other GINAs. We update this file as our developers accomodate new GINAs. These are the ones we support now:


If you look in the file, it further explains what each of the options does. You should be able to make your own.

For disk images, here's the basic process:
1. Lay down OS
2. Install all apps/drivers/etc
3. Install the encryption piece last
4. Shut down (do not restart)
5. Take image

This puts the client down but does not activate it. When you image a machine, the client will be there. As soon as the machine syncs to the server it will register its new name in the database. The key is making sure the client doesn't activate itself before the machine has a unique name.

RE: Gina Fix

True, but what if the safeboot's server information changes? Eg. the database ID / serverkey or IP address even.. The clientsoftware wouldn't be able to sync unless you go edit the sdmcfg.ini again on the client..
Which is a pain in the ass, really.

I wouldnt suggest creating an image which already contains the clientsoftware, better is to use a package such as SMS, ePO or zenworks to push the clientsoftware out..
It's foolproof.
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 13 of 15

RE: Gina Fix

Eelco, you are right. There is a risk of including the software with an image. You can reduce the risk by using DNS name or URL in the sdmcfg.ini, but that only solves part of the problem. Deploying with ePO, or another tool (like SMS) is what most customers do in reality. As you say it is more foolproof and since the package is only 5MB, it is easy to deploy on-the-fly. I've seen customers deploy it via NAC as well; if you don't have encryption installed, you don't get on the network.
Level 7
Report Inappropriate Content
Message 14 of 15

RE: Gina Fix

would it be possible to have 4 chain of gina as follow:
i need to tell ipass to forward the gina to some other third party gina ,does any one know how?

for example u can use sb-origginadll registry key to tell safebootgina to forward to next gina

is there any command that could do the same for ipass
Level 7
Report Inappropriate Content
Message 15 of 15

RE: Gina Fix

That would be an issue for ipass. Windows loads one GINA DLL. Optionally, that dll can pass to a secondary. I know that I have stacked up to 4 DLLs (SafeBoot, Netware, Cisco VPN, and Microsoft).
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community