cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Windows Password not syncing with encryption pre-boot

I'm having a issue with users Windows password not syncing with encryption pre-boot. The user will log into windows press ctrl+alt+del to change their password. Now for some reason the users still have to use their old password to logon to preboot, One user we tested with 2 week later he had to use his old password to sign into Pre-boot. When the user changed his password there was no change password event. After 2 week the user selected the change password at the pre-boot and changed his password.

Any thing I might be missing.

Regards

6 Replies
cross
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 7

Re: Windows Password not syncing with encryption pre-boot

If SSO and password synchronization are properly configured in the policy and the users are in sync, when doing the password change on the local system with CTRL+ALT+DEL, it should be able to capture that change at that time, assuming that user is the logged on preboot user.  Assuming all of that is the case but the password is not changing, I would look to whether there are any other third-party credential provider filters in place that may be preventing the MDE credential provider from "seeing" the password change.

Re: Windows Password not syncing with encryption pre-boot

Thanks

I know the client are user a 3 party as well that is configure on the machine to change their password if the forgot it.

I know automatic booting is also enabled for when the do some software upgrades or OS upgrades not sure for how many reboots it has been set.

So if the user changed his password in the time that pre-boot was not off, the password sync will not happen?

cross
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 7

Re: Windows Password not syncing with encryption pre-boot

If preboot is enabled and the user in Windows is the same user that is logged in as the preboot user it should be able to change.  If, however, there is no logged in user because automatic booting was used, the password change will not happen for the MDE user account.

Re: Windows Password not syncing with encryption pre-boot

I believe this users pre-boot was disable for a month to allow them to work from home while waiting for their vpn access and to allow the to change their password to something more complex.The machine was used daily by the same user and the password was changed before pre-boot was enabled again. Now if automatic booting is the issue for not updating the password, should the user not receive a message in windows that the password is out of sync as set in the policy?

 

 

 

 

cross
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 7

Re: Windows Password not syncing with encryption pre-boot

The message comes from a functionality that is configurable that checks to see if the MDE password matches or not.  Generally in this situation I wouldn't expect that it would give a pop up for that while automatic booting since there is no user logged into preboot but variables like the token state, could potentially  impact that behavior.   Is the user seeing this pop up at this point?

If preboot is back to an enabled state, the most efficient way to get it back "in line" would probably be to issue a token reset from the DE: Users query, sync up the system and have the user reboot as soon as the reset has come through.  Then they can log in, basically the same way as if they were a new user and get it synchronized.  I would advise to make sure that it is done quickly and in coordination with the user so that the system does not get left with a user in a default state.

Re: Windows Password not syncing with encryption pre-boot

No for the past 2 week the user used his old password at preboot and the new password in windows. But there was no pop-up in the 2 week that he was using it. Some of the users already updated their details by using the change password at pre-boot or by doing a self recovery. The rest that is out of sync data will be reset and have to re-register.

 

 

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community