cancel
Showing results for 
Search instead for 
Did you mean: 
jan.ramone
Level 7

EEPC SSO issue + default pass

Hi everybody,

I want to ask you for help with Pre-Boot login, especially with Single-Sign On. I set All disks encryption . My EEPC policy on Log On Tab is followed:

Enable automatic booting - disabled

Do not display previous user name at log on - enabled

Enable on screen keyboard - enabled

Add local domain users (and tag with EE:ALDU) - enabled: Add all previous and current local domain users of the system

Enable Accessibility - disabled

Disable pre-boot authentication when not synchronized - disaled (unchecked)

Enable SSO - enabled

     Must match user name - enabled

     Using smart card PIN - disabled

     Synchronized EE password with Windows - enabled

     Allow user to cancel SSO - enabled

Require EE logon - disabled

Lock workstation when inactive - enabled (after 10 minutes)

As for UBP, token type is password only, default password was chenged and is used, password history are is disabled, also prevent change. Self-Recovery is enabled, NO. of invalid attempts is set to 3 and 3 recovery questions are used.

Another settings are not important in connection with my issue (I think so. But I can specify them if anyone wants)

Now , my problem. SSO in Pre-Boot authentification behaves strangely. Synchronization with Win password doesn't work. For example, when I change password in Pre-Boot (synchronization with Win password is turned on), I am logged directly to Windows. After restart is same situation. Pre-Boot ignores sync and log me with his password diectly to Windows.

Another problem is first authentication after installing and activation of EEPC and when encryption starts. At this point, I restart PC, in Pre-Boot authentication enter user name (obtained from LDAP), but then EEPC doesn't aply default password (12345) but he want only my Pre-Boot password (which I created earlier on this machine. But EEPC was completely uninstalled from this machine). I tried many variants but with no success.

Please, can you tell me what I do wrong ?

Thanks

Jan

0 Kudos
3 Replies
SafeBoot
Level 21

Re: EEPC SSO issue + default pass

first, please tell us what product/version you are using?

Now , my problem. SSO in Pre-Boot authentification behaves strangely. Synchronization with Win password doesn't work. For example, when I change password in Pre-Boot (synchronization with Win password is turned on), I am logged directly to Windows. After restart is same situation. Pre-Boot ignores sync and log me with his password diectly to Windows.

Yes, this is to be expected - the sync is Windows>EEPC, not the other way around. If you change your pre-boot password, you just change the pre-boot password. Nothing else. EEPC still knows what your actual Windows password is.

Another problem is first authentication after installing and activation of EEPC and when encryption starts. At this point, I restart PC, in Pre-Boot authentication enter user name (obtained from LDAP), but then EEPC doesn't aply default password (12345) but he want only my Pre-Boot password (which I created earlier on this machine. But EEPC was completely uninstalled from this machine). I tried many variants but with no success.

The password is sent to whatever management system you have, and reflected to every machine your account is allocated to - it's not a "machines specific preboot password" - it's enterprise wide.

Once it's set somewhere, it will get propageated everywhere.

Message was edited by: SafeBoot on 3/22/12 11:23:03 AM EDT
0 Kudos
jan.ramone
Level 7

Re: EEPC SSO issue + default pass

Thank you for answer. I have the newest version 6.1.3.7409862

I want to ask another question. Where Pre-Boot passwords are stored ? Are they encrypted ? Can not anyone steal them and use at stolen laptop ?

Thanks

Jan

Message was edited by: jan.ramone on 3/27/12 2:23:36 AM CDT
0 Kudos
SafeBoot
Level 21

Re: EEPC SSO issue + default pass

in the pre-boot file system, encrypted with the user key. If you steal a laptop the pre-boot password protects everything.

0 Kudos