cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 9
Report Inappropriate Content
Message 1 of 4

"Set Encdpoint Encryption password to windows password" & Windows 7.

Hi,

To be honest, it seems that the question I have is NOT a McAfee BUT Microsoft, however, I would like to know it.

I tested as below on Windows 7 machine.

1. Install EEPC to the PC joined Domain(Active Directory) with followinf policies enabled.

    - Require login to Endpoint Encryption

    - Attempt automatic Windows logon

    - Automatically logon as pre-boot user

    - Set Encdpoint Encryption password to windows password. 

It means both EEPC user and Windows user are set to match as a password "AAA" and SSO is enabled.

2. Change the domain user password in Active Directory server to "BBB" from "AAA".

3. Reboot client PC.

4. Pass PBA with password "AAA" still.

5. Somehow, I can logon by SSO... (In fact, logon with "AAA" password although I change it to "BBB" at Step.2)

6. Reboot PC.

7. Pass PBA with password "AAA" still.

8. Fail to SSO, then enter "BBB" as Windows password

9. Reboot client PC

10. Pass PBA with password "BBB", and logon by SSO to Windows.

So, I feel strange situation because I think it should fail to SSO at Step.5, but actually, I can logon by SSO...

That is the design of windows domain environment??

Regards,

3 Replies

Re: "Set Encdpoint Encryption password to windows password" & Windows 7.

Hello,

In step 2 when you change the Windows password in AD the AD does not have to instantly update the client therefore from our product point of view the SSO credentials are still valid, only once we "see" that a password change has occurred (when AD informs the local client) will the SSO fail and you will be asked to login into Windows, once that is achieved we will capture the credentials.

HTH,

Highlighted
Level 9
Report Inappropriate Content
Message 3 of 4

Re: "Set Encdpoint Encryption password to windows password" & Windows 7.

foliveir,

Thanks. But I don't really clear...

I tested following without EEPC installation again.

1. Logon with password "AAA" to client PC.

2. Change the domain user password in Active Directory server to "BBB" from "AAA".

3. Reboot client PC

4. Logon with password "AAA" somehow.

Above flow is the design?

I believe the Windows logon password of Step.4 should be "BBB"...

Regards,

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 4

Re: "Set Encdpoint Encryption password to windows password" & Windows 7.

No, only local password changes can be captured - changing the password in the AD does not get reflected to the client in a way products can intercept.

You have to use the client side ctrl-alt-del password change option or EEPC won't see the change happen.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community