We recently reimaged a machine because we standardized a machine group to use these Windows Logon settings:
The user didnt use his Windows login on a daily basis. He logged in locally. There was also an issue where we could not sync with his pc.
I got to thinking that if we unchecked 'Require logon to Endpoint Encryption', then people would still have to logon preboot, and single sign on would work for most people, BUT, users would still be able to login locally if the SSO failed of if the user just didnt want to login with that id.
Is this a correct assumption ? Does anyone feel I am losing out on a major security enhancement by removing the option, Require logon to Endpoint Encryption' in the Windows Login field ?