From much experimenting (and reading the docs) I understand that the users SSO credentials are stored in their user profile, that’s fine.
The problem I have is that we have a requirement for SSO to work even though the user has never logged onto that machine before (and therefore does not yet have a profile created). Both the Endpoint username and password match the Windows passwords so it would be great if Endpoint would simply pass the credentials straight through to the Windows logon.
Even though I'd configured Endpoint to attempt to logon to Windows using Endpoint credentials (which should work), it still fails if the user has never logged onto the machine before (and therefore doesn’t have a profile).
Does anyone know if it is possible for SSO to work the first time, even without a profile?
i don't think it will work if a user has truely never logged on. If this is in a corporate environment, what a lot of IT staff do is log onto A N Other laptop using the client, both pre-boot and windows, then sync up the SSO details to the server.
Then any machine that sync's (regardless of who is logged on) will get those SSO cred's. A password reset by the helpdesk, using "force change at next log-on" would then force user to change password upon first entry to windows and then the passwords should sync themselves back up.
Are you talking about WINDOWS profiles? The password is not stored in the users profile - it's stored in the SafeBoot File System (SbFS). The only thing that is a hindrance to you is perhaps that because no one has logged into the system, the client hasn't brought down the user accounts yet --- but if that was the case, then encryption shouldn't have started.