We are trying to implement CAC login at our location using our DOD-issued common access cards (CACs) using Endpoint Encryption for PC version 6.2 on Windows 7 (64-bit) laptops. We have already enabled CAC login to Windows by making the necessary changes on the back-end, and then installing the middleware on the machines in Windows (ActivClient, Tumbleweed). Does anyone have any experience doing this, and if so, could you go over the necessary steps to make this work? So far, we have had no luck.
Our CAC types are either Gemalto TOPDLGX4 144 or Oberthur ID One 128 5.5 Dual. We have McAfee EPO server version 4.5 patch 6.
So, after some trial and error, we were able to make this work. First, we upgraded from EEPC 6.1 patch 1 to EEPC 6.2. This caused us some trouble, since we had McAfee Host Data Loss Prevention 9.0 installed on the EPO server. We ended up removing DLP completely, then upgrading the EPO server to 4.6 patch 2. After that, we were able to install EEPC 6.2, and log in to encryption using our CACs. So, the only remaining issue is single sign-on. For some reason, with our setup, this is no longer working, even though the option is selected in the policy. Does anyone know how to get SSO working with smartcard (CAC) login?
When we log in to encryption with the CAC, we must enter the user name, insert the CAC, then type in the PIN. The machine then boots to Windows. At the Windows logon screen, we must enter the PIN, and our username again (we have the user name hint option enabled via group policy). Then, the machine logs in to Windows, and all is well. However, this must be repeated every single time. Any ideas on how to fix this would be most appreciated.